The Executive Director of the Data Protection Commission, Patricia Adusei-Poku, has marked this year’s Global Data Protection Week with a media engagement program to update them on the commission’s activities in Accra, on Wednesday 26th January, 2022.
Ms Adusei-Poku said that , the main mandate of the Commission was to protect the privacy of individuals and their personal data.
She said that, the Data Privacy Day otherwise known as the Data Protection Day is a global event celebrated on the 28th of January every year to create awareness among data subjects and businesses about the importance of protecting privacy as a Fundamental Human Right.
Adding that, “the main objective of the Data Protection Day is to inform and educate the public at large of their day to day rights and also provide professionals with the opportunity of meeting Data Subjects.”
The nationwide event will be held on the theme “Transparency, Trust and Transformation in a Digitised Ghana”.
The Commission was working tirelessly with all its available resources sensitizing the general public on Transparency, Trust and Transformation to promote the rights of individuals as well as educate the Public and Private sector to fully demonstrate and evidence to their Data Subjects collaboratively towards the National Transformation Agenda she added.
“The DPC continues to engage the public-private sector through forums, workshops, webinars, and free drop-in sessions among others to create more awareness on the importance of ensuring data privacy in businesses to meet the reasonable expectation of the general public,” the Director said.
Ms. Adusei-Poku disclosed that the DPC was engaging some critical stakeholders in a collaborative effort to step up public education on the need to protect personal data, monitor the compliance status of Data Controllers.
These institutions include the Ministry of Health, Ministry of Education, Controller and Accountant Generals Department, Ministry of Justice and the Attorney General’s Department, Electoral Commission together with various civil servants’ groups at the national and regional level.”
She however disclosed that, the DPC and the Internal Audit Agency have signed an MOU in a collaborative effort to train all Internal Auditors nationwide to expand the scope of the audit to include the requirements of Act 843.
This collaboration she said, will spur a nationwide adherence and consistent approach to implement and also enable the monitoring of accountability in the processing of personal data.
“ DPC will improve its state of maturity as a newly established government institution such as enhancing the capacity of its personnel, has acquired a state-of-the-art Registration Software for more effective and efficient delivery of its mandate” she stated.
She noted that, “the Applicant Data Controllers now have a login to a profile area that provides them visibility into their registration record. You can log in whenever, to review, amend, or update your information held. The system automatically assesses your institution’s state of compliance as you complete your form online and presents you with a percentage score against a 100% weighted state of compliance.
You receive a roadmap of milestones to achieve as the next steps following registration. The systems allow the upload of photos, videos, and other documents as evidence of your accountability to your data subjects and the DPC. The Commission is able to share letters and messages with you in your profile space.”
She urged the general public to always verify that an institution is accredited by the DPC to offer data protection training to ensure the quality and standard of training will be acceptable for our compliance requirements.”
Per the successful launch of the new registration software in October 2020, the DPC expects all affected by the Data Protection Act 2012, (Act 843) (which is every entity in the country) to duly register and pay the required fees as a legal obligation.
The Director continued that, “transitional provisions in Section 97 of Act 843, which stipulate that if your entity existed before May 2012, you should have registered within 3 months from August, 2012 and renewed your license 2 years i.e. 2014, 2016, 2018 and 2020. Newly incorporate entities should register within 20 days of the business commencement.
The new DPC Registration Software now can determine the total arrears owed from May 2012 when you apply to register. The DPC would be backdating arrears to March 2014 where the Registration fees were formally cleared by parliament.”
The Data Protection Commission (DPC) is an independent statutory body established under the Data Protection Act, 2012 (Act 843) to protect the privacy of the individual and personal data by regulating the processing of personal information. The Commission provides for the process to obtain, hold, use or disclose personal information and for other related issues bordering on the protection of personal data.