Distinguish Ladies and gentlemen of the press,

The Data Protection Commission (DPC) welcomes you all to our meet the press today to engage the public through your platforms. We would like to bring to the attention of the general public some Data Protection issues as we commence the celebration of Global Data Protection Week. As you may be aware, the DPC was establish by the Data Protection Act, 2012 (Act 843) in 2012. Our main mandate is to protect the privacy of individuals and their personal data. Towards this objective, we have been working tirelessly with our limited resources to train and upskill local data protection professionals, educate the public to reduce the skills deficit, support entities in the public and private sector with good data governance and keep abreast with international best practices for protecting data and the privacy of individuals.

Today, we wish to inform the general public of the following;


The Data Privacy Day also known as the Data Protection Day is a global event celebrated on the 28th of January every year to raise awareness among Data Subjects and businesses about the importance of protecting privacy as a Fundamental Human Right. A major objective of the Data Protection Day is to inform and educate the public at large of their day to day rights and also provide professionals with the opportunity of meeting Data Subjects.

As a member of the Global Assembly Privacy (GPA), the Ghana Data Protection Commission (DPC) will be commemorating this by organizing week-long nationwide awareness activities to sensitise the general public about Data Protection and Privacy.

Our Theme for the week is “Transparency, Trust & Transformation in a Digitised Ghana”


The DPC to improve its state of maturity as a newly established government institution such as enhancing the capacity of its personnel has acquired a state-of-the-art Registration Software for more effective and efficient delivery of its mandate.

The new registration software is interactive

  •  Applicant Data Controllers now have a login to a profile area that provides them visibility into their registration record. You can log in whenever, to review, amend, or update your information held.
  •  The system automatically assesses your institution’s state of compliance as you complete your form online and presents you with a percentage score against a 100% weighted state of compliance.
  •  You receive a roadmap of milestones to achieve as the next steps following registration. The systems allow the upload of photos, videos, and other documents as evidence of your accountability to your data subjects and the DPC.

The Commission is able to share letters and messages with you in your profile space. pg. 2


Following the successful launch of our new registration software in October 2020, the DPC expects all affected by the Data Protection Act 2012, (Act 843) (which is every entity in the country) to duly register and pay the required fees as a legal obligation.

The transitional provisions in Section 97 of Act 843, which stipulate that if your entity existed before May 2012, you should have registered within 3 months (from August 2012) and renewed your license 2 years i.e. 2014, 2016, 2018 and 2020. Newly incorporate entities should register within 20 days of the business commencement.

The new DPC Registration Software now can determine the total arrears owed from May 2012 when you apply to register. The DPC would be backdating arrears to March 2014 will the Registration fees were formally cleared by parliament.

Several qualifying entities have failed to register with the Commission since 2014. Though they should have been sanctioned under the law, the Commission has refrained from doing so while it steps up public education and our internal capacity building. With the new registration software, invoice generation is now possible for every incorporated business and established entities that process personal data.


Considering the impact of Covid-19 on businesses, the Minister of Communications has granted an AMNESTY for 6 months from 1st October 2020 to 31st March 2021 to allow defaulting Data Controllers to register with Commission and pay just the current year’s amount due; waving any applicable arrears.

We entreat all defaulting institutions to take advantage of the Amnesty Period to be in good standing with the Commission. All entities which fail to regularize their operations with the Commission during this amnesty period will face the full brunt of the law after 31st March 2021.


The DPC is engaging some critical stakeholders in a collaborative effort to step up public education on the need to protect personal data, monitor the compliance status of Data Controllers. These institutions include the Ministry of Health, Ministry of Education, Controller and Accountant Generals Department, Ministry of Justice and the Attorney General’s Department, Electoral Commission together with various civil servants’ groups at the national and regional level.

We are glad to inform you that the DPC and the Internal Audit Agency have signed an MOU in a collaborative effort to train all Internal Auditors nationwide to expand the scope of the audit to include the requirements of Act 843.

This collaboration should enable a nationwide adherence and consistent approach to implementation and enable the monitoring of accountability in the processing of personal data.


The Commission's main focus has been sensitizing the general public on the 3T’s objective namely TRANSPARENCY, TRUST and TRANSFORMATION to promote the Rights of individuals as well as educate the Public and Private sector to fully demonstrate and evidence to their Data Subjects as we work collaboratively towards the National Transformation Agenda. The DPC continues to engage the public-private sector through forums, workshops, webinars, and free drop-in sessions among others to create more awareness on the importance of ensuring data privacy in businesses to meet the reasonable expectation of the general public. 


As the DPC scales up its operations to the regions, we intend to increase the number of professionally trained Privacy Practitioners in our ecosystem. The DPC intends to accredit additional training institutions to assist with the training of our professionals. Our accreditation process is to ensure that the quality and standard of training is maintained nationwide. This will enable a consistent and standardised approach to the implementation of privacy programs by institutions who have understood the Commission’s mandate and expectations. They will use the official manual and deliver the same course as is being offered now.

The general public should always verify that an institution is accredited by the DPC to offer data protection training to ensure the quality and standard of training will be acceptable for our compliance requirements.

The Commission provides for the process to obtain, hold, use or disclose personal information and for other related issues bordering on the protection of personal data.