Support Centre



Law: Data Protection Act, 2012 ('the Data Protection Act')

Regulator: The Data Protection Commission ('the DPC')

Summary: The Data Protection Act protects individuals' privacy and personal data by regulating the processing of personal information, and defines the processes to obtain, hold, use or disclose personal information, as well as related matters. The Data Protection Act establishes, among other things, mandatory breach notifications, data processor obligations, registration prior to processing, and a broad range of data subject rights. Furthermore, the Data Protection Act works in tandem with other relevant legislation, such as the Credit Reporting Act, 2007 and the Whistleblower Act 2006. Ghana also became, in May 2019, one of only five countries to have ratified the African Union Convention on Cyber Security and Personal Data Protection.


In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Data Protection Act of 2012 (the Ghanaian Act).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the Ghanaian Act with the  GDPR.

You can access the latest version of the report here.