Data protection and Privacy laws and regulations require all who process personal information to comply with them. Accordingly, all organisations that obtain, hold, use or disclose (process) personal data must comply with the act by doing the following:
- Register & renew with the Data Protection Commission /authorities
- Provide periodic compliance reports
- Appoint a dedicated Data Protection supervisor/officer (the responsible person for DP)
- Demonstrate compliance to the act
- Implementing policies and procedures to support compliance etc.
The Act provides standard principles that must be complied with by all who process personal information across the country and beyond. The law applies to all forms of personal data or information stored on both electronic and non-electronic platforms.The Act is based on a basic rule that all who process personal data consider the rights of the individual privacy of his or her communications.
Eight (8) Basic Principles must be applied and adhered to in processing personal data
- Accountability,
- Lawfulness of Processing,
- Specification of Purpose,
- Compatibility of Further Processing With Purpose Of Collection,
- Quality of Information,
- Openness,
- Data Security Safeguards, and,
- Data Subject Participation.
For further explanations on the principles and how to adhere to the principles to ensure it is implemented practically to show accountability please Contact us
All organisations that obtain, hold, use or disclose (process) personal information must comply with the Act. These include the following:
- Register with the Data Protection Commission (section 56)
- Renew registration every two years
- Provide compliance report prior to renewal
- Appoint a dedicated Data Protection supervisor/officer (responsible person for DPC)
- Demonstrate compliance to the act
- Be available for audit on an adhoc basis
Section 56 of the Act makes Non-compliance to the act an offence which can result in enforcement by the Data Protection Commission. In addition to the above, non-compliance can lead to
- loss of customer trust
- Loss of business or tenders which stipulate adherence to data protection within and outside Ghana.
- Loss of reputation
- Loss of revenue
Information Governance Solutions provides registration and renewal services to allow you to focus on your core business knowing that it will be taken care of.
Under most data protection laws including the Ghana Data Protection Act 2012, and in many jurisdictions across Africa, all organizations that are deemed to be Data Controllers need to appoint a Certified and qualified Data Protection Supervisor/Officer (DPS/DPO).This is the person who is responsible for monitoring and advising organization’s compliance with the DPA ACT 2012 and other data privacy requirements in other jurisdictions. This does not have to be an employee or the organization but must be a suitable qualified person, with the knowledge experience to undertake the required duties.
To assist you comply with this requirement under the Act, we offer the Data Protection Supervisor/Officer as a service (DPSaaS/DPOaaS) to organizations on a service contract basis depending on the size of the business. We offer the full service of a DP Supervisor/Officer by acting as your outsourced provider whilst tailoring it to your specific need according to the size of your organisation and specific processing of personal data. Or consultants are qualified to international standards (Europe – GDPR) as well as certified practitioners to the Ghana DPA 2012.
Since 2017, IGS has been delivering the Certified Data Protection Supervisor (Practitioner Level) for the Data Protection Commission Ghana.
Data controllers are required to submit a compliance report to the DPC prior to renewing their registration every two years. Registration with DPC shows that your organization is processing personal data legally and have processes, procedures and measures in place to comply with the eight (8) Data Protection principles and the DPA 2012 ACT (843).
Our service will conduct an initial compliance assessment/health check and submit a report to your organisation to identify risk areas including potential and actual non-compliance(s). We deliver our report with recommendations and mitigation activities required to address any highlighted risks. This can be a one-off exercise or a periodically agreed assessment aligned with the needs of your business.
Our internal audit and sustainable compliance service will ensure that your organisation is proactively prepared for any DPC authorised spot checks with standardised documentary evidence, well trained staff, physically secured environment and appropriately protected hardware.
This service includes implementation of an evidence-based framework for continuous compliance, agreed set standards and minimum baseline requirements. We also provide bespoke Internal Auditor & Data protection Champion training to support your compliance obligations covering various legislations and International Standards such as ISO 27001, BS1012 (Coming soon), PIMS (Personal Information Management Systems), and support Privacy Compliance Framework (PCF).
Let us help you develop and manage small to large scale data protection projects and all other projects.
Our project management portfolio follows the areas
- Inventory/data Flow management
- Data Protection/Privacy Impact Assessments (DPIA)
- 3rd Party/ Data Processor due diligence and contract management
- Program roll out and sustainability management
- Business analysis
- Software development and deployment