Editorial: DPC bares teeth – vows to sanction offenders of Act 843

Recognition of the right to privacy with respect to processing personal data or information led to passing Act 843 to further guarantee the right to privacy enshrined under Article 18(2) of the 1992 Constitution.

The Act provides standard principles that must be complied with by all who process personal information across the country and beyond. The law applies to all forms of personal data or information stored on both electronic and non-electronic platforms.

The Act is premised on the fundamental rule that all who process personal data must take into consideration the right of individuals to the privacy of his or her communications.

Consequent to the above, the Data Protection Commission (DPC) has warned that 2026 will mark the start of a full-scale enforcement drive, with public and private institutions which process personal data without registration facing fines and possible imprisonment.

Executive Director of the Commission, Arnold Kavaapu?, says there will be no exemptions – stressing that the law clearly mandates registration and compliance under the Data Protection Act, 2012 (Act 843).

Mr. Kavaapu? amplified this during the launch of Data Protection Week 2026 and a Meet-the-Press briefing in Accra.

“Clause 27(1) requires every data controller intending to process personal data to register with the Commission. This obligation is reinforced under Clauses 46(3) and 53, with penalties including fines and imprisonment prescribed under Clause 56.”

Data Protection Week 2026 has been expanded into a month-long national programme running from January 26 and culminating in a National Data Protection Conference on February 25 and 26 in Accra, under the theme ‘Your data, your identity: Building trust in Ghana’s digital future’.

Deputy Minister of Communications, Digital Technology and Innovations, Mr. Mohammed Adam Sukparu, said government fully supports the Commission’s enforcement stance – noting that trust in data-handling is critical as Ghana deepens investments in digital identity, mobile money and e-government systems.

Trust is non-negotiable in a digital economy where personal data increasingly determines access to finance, jobs and public services. Misuse of data undermines personal autonomy and economic participation.

Businesses assume they are compliant simply because they have not experienced a breach or regulatory investigation, but this assumption masks gaps in data-handling practices.

Data environments are complex, interconnected and often poorly documented. Thus, mapping data flow becomes a critical step in the compliance journey. Businesses must identify what personal data they collect, where it is stored, how it moves internally and with whom it is shared.

Policies play an important role in the compliance journey, but their value depends on implementation. Businesses must move beyond drafting privacy documents to embedding privacy principles into operational decision-making.

No compliance journey can succeed without clear accountability. Businesses must define who is responsible for data protection decisions and oversight. Privacy notices, consent mechanisms and data access processes must be understandable and meaningful, not merely legally sound.

Organisations that engage openly with privacy concerns often experience improved public confidence, even in challenging situations. Further, organisations that treat compliance as an ongoing process rather than a completed task are better equipped for responding to incidents, audits and public scrutiny.

The data privacy compliance journey reflects the reality that responsible data protection cannot be achieved through quick fixes or isolated initiatives. It requires awareness, discipline, accountability, transparency and continuous learning.

In an increasingly digital society, compliance is not only about meeting regulatory requirements but also about demonstrating respect for individuals and integrity in cyberspace.

Finally, data privacy compliance reduces risks, earns credibility and ensures long-term relevance in the digital age.

 

The post Editorial: DPC bares teeth – vows to sanction offenders of Act 843 appeared first on The Business & Financial Times.

Read Full Story