Law: Data Protection Act, 2012 ('the Data Protection Act')
Regulator: The Data Protection Commission ('the DPC')
Summary: The Data Protection Act protects individuals' privacy and personal data by regulating the processing of personal information, and defines the processes to obtain, hold, use or disclose personal information, as well as related matters. The Data Protection Act establishes, among other things, mandatory breach notifications, data processor obligations, registration prior to processing, and a broad range of data subject rights. Furthermore, the Data Protection Act works in tandem with other relevant legislation, such as the Credit Reporting Act, 2007 and the Whistleblower Act 2006. Ghana also became, in May 2019, one of only five countries to have ratified the African Union Convention on Cyber Security and Personal Data Protection.