Three managers have been arrested by the Data Protection Commission (DPC) and the Criminal Investigations Department (CID) of the Ghana Police Service for violating the Data Protection Act, 2012 (Act 843). The arrested individuals represent institutions including Hisense, a technology goods dealership, Marwako Fast Foods, and Agyabeng Akrasi and Co Limited, a law firm.
Additionally, Quick Credit and Investment Micro-Credit, as well as Bemuah Royal Hospital, have been summoned for questioning due to suspected breaches of privacy.
Furthermore, the arrestees are accused of failing to register with the Commission and improperly processing personal data, a contravention of Section 56 of the Data Protection Act, 2012.
Additionally, Quick Credit and Investment Micro-Credit are cited for issuing threats and engaging in harassing behavior towards customers who defaulted on loans, which the Commission considers a breach of privacy. The enforcement operation, led by the DPC’s Enforcement Unit, aims to ensure compliance with the Data Protection Act to safeguard individuals’ personal data and privacy through regulated data processing.
Despite prior notifications and attempts to engage the companies in compliance, they have allegedly not abided by the law. Mr. Quintin Akroboto, Director of Regulatory and Compliance for DPC, emphasized that non-compliant companies will be subject to prosecution, with potential fines or imprisonment as per the law.
The DPC has asserted its commitment to holding data controllers accountable and has currently placed around 250 companies under surveillance for potential data protection breaches. Ms. Patricia Adusei-Poku, Executive Director of DPC, warned non-compliant institutions to register with the Commission to avoid reputational and financial losses resulting from potential legal actions.