Officials of institutions responsible for processing personal information (data controllers) of the public have been given up to December 1, to register with the Data Protection Commission (DPC) or face prosecution.
According to Dr Herbert Gustav Yankson, Chief Superintendent of Police, Cybercrime Unit, the registration is in accordance with Section 27 (1) of the Data Protection Act, 2012 (Act 843).
The DPC in April issued a release reminding all organisations who performed functions as data controllers to comply with their mandatory requirements in accordance with Section 27 (1) of the Data Protection Act, 2012 (Act 843) and register with the Commission.
The release was the fourth in series since the Commission commenced registration of potential data controllers in May 2015, besides issuance of letters to affected organisations, news reports and other publications as well as media campaigns including radio jingle advertisements and radio and television public sensitisation.
It is however worrying that regardless of these extensive and comprehensive notifications, many affected organisations and companies have not complied with the notices and were defiant to the May 31, deadline to register with the Commission.
The category of organisations and individuals being referred to as data controllers includes; all Government Bodies, Parliament, Associations, Fitness Centre.
Others are Financial Institutions, Insurance Firms, Educational Institutions, Religious Bodies, Health Institution and Non-Governmental organisations.
Speaking to the Ghana News Agency in Accra, Dr Yankson said, by the complains of the DPC, the Cybercrime Unit wrote to more than 100 companies from all sectors of the economy to invite them to query on why have not registered.
“Many of them said they are not aware of the law and we have decided to give it a human face by just giving them a verbal law (caution) and have given them by December 1 to register,” he said.
Dr Yankson cautioned that reference to Section 56 and 95 of the Data Protection Act, 2012 (Act 843) had no other option than prosecution against the potential organisations, companies or individuals whose actions or inactions by indication could be established as sheer defiance or apathetic.
He said Section 56 of the act states: “A person who fails to register as a data controller but processes personal data commits an offence and is liable to summary conviction to a fine of not more than 250 penalty units or a term of imprisonment of not more than two years or both.”
Mr MacDonald Bubuama, Communication Consultant, DPC said the act defined a data controller “as a person who, who either alone, jointly with other persons or in common with other persons or as a statutory duty determines the purposes for and the manner in, which personal data is processed or is to be processed”.
The DPC is an independent statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal information.
Join GhanaStar.com to receive daily email alerts of breaking news in Ghana. GhanaStar.com is your source for all Ghana News. Get the latest Ghana news, breaking news, sports, politics, entertainment and more about Ghana, Africa and beyond.
(Via: NewsGhana)