The accreditation process for organisations by the Data Protection Commission (DPC) under Ghana’s Data Protection Act, 2012 (Act 843) begins with mandatory registration.
- All data controllers and processors intending to process personal data must apply in writing to the DPC, providing detailed information including business name, address, the nature of personal data to be processed, and the purpose of processing. The DPC reviews these applications to ensure adequate safeguards for privacy and compliance with the Act’s principles. Upon successful registration, organisations receive a Certificate of Registration valid for two years, which must be renewed thereafter.
- In addition to registration, organisations are required to demonstrate ongoing compliance by submitting periodic compliance reports to the Commission before renewing their registration. They must appoint a qualified Data Protection Supervisor who is responsible for monitoring the organisation’s adherence to data protection laws and principles.
- The Act also mandates the implementation of internal privacy programs and policies that align with the eight fundamental data protection principles, including accountability, lawfulness, data security, and openness.
- For institutions seeking to offer Certified Data Protection Supervisor (CDPS) training, the DPC offers an accreditation process that requires evidence of registration with the Commission, valid tax and social security certificates, and proof of compliance with the Act. These institutions must also appoint and train a data supervisor and demonstrate the implementation of internal privacy measures. Interested organisations must formally apply to the Commission, which evaluates eligibility based on these criteria to ensure that accredited institutions maintain high standards in data protection training and awareness.