The Data Protection Commission will today, September 28, 2023, embark on another enforcement exercise to clamp down on unregistered data controllers.
The Commission began active enforcement last month, conducting spot checks, data protection audits and arresting companies found culpable of data breaches.
This activity, the Executive Director, Patricia Adusei-Poku, says has come to stay in order to hold accountable data controllers to ensure full compliance with the law.
“We the Data Protection Commission still consider that the percentage of public who are responsible for data controllers compared to what is in our database is still very low. We have over 800,000 records of active taxpayers that have failed to register with the commission.”
“This is why we have scaled up the law by doing these spot checks and visiting institutions that are falling foul of the requirement of this legal obligation”, she told an Accra-based television station.
She added that her outfit is undertaking this action in two ways, adding, “Many of these spot checks visits are to for the private sector to comply.
“We are not doing this to protect the public sector not taking action. We have also worked with the Select Committee of Communications in Parliament to ensure that institutions comply”.
The Data Protection Commission on August 14, 2023, began active enforcement of the Data Protection Act 2012 (Act 843).
This meant businesses that had failed to register with the Commission as Data Controllers but were processing personal data were liable to summary conviction to a fine or a term of imprisonment.
Falling under the radar for non-compliance included Hisense Group and Mawarko Fast Food out of many others on the compiled list for prosecution.