Financial Intelligence Centre Ghana

Financial Intelligence Centre

Republic of Ghana

Ghana Data Protection Laws

Regulatory Framework and Compliance Requirements

Data Protection Act, 2012 (Act 843)

The primary legislation governing the protection of personal data in Ghana. This Act establishes the Data Protection Commission and sets out the principles, rights, and obligations for data processing in the Republic of Ghana.

Enacted: 2012Parliament of GhanaAct 843
Legislative Framework

Purpose of the Act

"An Act to establish a Data Protection Commission, to protect the privacy of the individual and personal data by regulating the processing of personal information, to provide the process to obtain, hold, use or disclose personal information and for related matters."
- Preamble, Data Protection Act, 2012 (Act 843)

Key Definitions (Section 96)

"Personal Data"

Data about an individual who can be identified from the data or from the data and other information in the possession of the data controller.

"Data Controller"

A person who alone, jointly with other persons or in common with other persons or as a statutory body determines the purposes and the manner in which personal data is processed.

"Data Processor"

A person who processes personal data on behalf of a data controller but does not include an employee of the data controller.

"Processing"

Obtaining, recording, holding, or carrying out any operation on the data including organization, adaptation, alteration, retrieval, consultation, use, disclosure, or erasure.

Data Protection Commission

The Act establishes the Data Protection Commission (Section 1) as the regulatory body responsible for:

  • Implementing and enforcing the provisions of the Act
  • Registering data controllers and data processors
  • Investigating complaints from data subjects
  • Conducting audits of data processing activities
  • Issuing guidelines and codes of practice
  • Imposing administrative sanctions for violations
Related Legislation

Anti-Money Laundering Act, 2020 (Act 1044)

Provides for the prevention and detection of money laundering and the establishment of the Financial Intelligence Centre. Contains provisions for the collection and processing of financial data for regulatory purposes.

Electronic Transactions Act, 2008 (Act 772)

Governs electronic transactions, digital signatures, and cybersecurity. Provides framework for electronic records and their admissibility as evidence.

Cybersecurity Act, 2020 (Act 1038)

Establishes the Cyber Security Authority and provides for the protection of critical information infrastructure. Sets requirements for incident reporting and security measures.

Payment Systems and Services Act, 2019 (Act 987)

Regulates payment systems and services, including provisions for data protection in financial transactions and electronic payment processing.