Help & FAQs

Personal data shall mean any information relating to an identified or identifiable natural or a living person which is also referred to as the ‘Data Subject’.

Data Controller is a person who either alone, jointly with other persons or in common with other persons or as a statutory duty determines the purposes for and the manner in which personal data is processed or is to be processed.

Data processor in relation to personal data means any person other than an employee of the data controller who processes the data on behalf of the data controller.

Yes, section 27 (1) A data controller who intends to process personal data shall Register with the Commission.

Yes, but it should be ensured that the third party is registered and in compliance with the eight (8) principles of the Data Protection Act 843.

Yes, if they are operating in our jurisdiction, they are required to comply with the Data protection regulations in Ghana. The institution should register with Register General’s Department to acquire a corporate TIN.

No, you cannot be guaranteed that your data would be protected if they are not complying to data protection principles.

Yes, section 60 (1) of the Data Protection Acts 843 exempts processing of personal data for the following reasons.

• Public order
• Public safety
• Public morality
• National security
• Public interest

The Data Controller, Data Processor and Data subject each play a role in protecting personal data.

Notify the Data Protection Commission as soon as possible.

Yes, it does. of the act talks about the rights if a data subject in relation to exempt manual data.

Sensitive Data refers to the religious or philosophical beliefs, ethnic origin, race, Trade Union membership, political opinions, health, sexual life or criminal behavior individual.

A data controller may appoint a certified and qualified data supervisor to act as a data protection supervisor. The data protection supervisor is responsible for the monitoring of the data controller’s compliance with the provisions of this Act. (Section 58)

Yes, a data subject has the right of access to his/her personal data. (Section 32 & 35)

Yes. A data subject may request a data controller to correct or delete his/her personal data. (Section 33)

Subject to subsection (5) of Section 35 a data controller shall comply with a request under this section promptly and in any event within forty days from the date of receipt of the request.

Where an individual suffers damage or distress through the contravention by a data controller of the requirements of this Act, that individual is entitled to compensation from the data controller for the damage or distress. (Section 43)

Yes, it does. There are Sections of the Act that mandate the commission to take enforcement actions against and issue fines to data controllers who are non-compliant of this Act.

A data controller who records personal data shall not retain the personal data for a period longer than is necessary to achieve the purpose for which the data was collected and processed.

The Data Protection Commission has categorised registration fees based on the size and nature of your organisation. These fees are clearly outlined in the official DPC Fees and Charges Schedule. The categories include:

• Large Entities: GH¢ 1,800.00

• Medium Entities: GH¢ 900.00

• Small Businesses & Startups: GH¢ 120.00

To find the category your organisation falls under and view all applicable services (including training and audits), kindly download the full schedule below.

Download Full Fees & Charges PDF