TheArtOfService
Back to Frameworks

Ghana Data Protection Act 2012 (Act 843)

Self-Assess
Ghana
v2012
7 domains
12 controls

The Ghana Data Protection Act, 2012 (Act 843) is the national personal data protection law of Ghana enacted 16 October 2012 + administered by the DATA PROTECTION COMMISSION (DPC) of Ghana (Sec.1-15). Act 843 was one of the earlier comprehensive African data-protection laws + predates GDPR + draws on Council of Europe Convention 108 + UK Data Protection Act 1998 + ECOWAS Supplementary Act on Personal Data Protection. KEY PROVISIONS: (1) ESTABLISHMENT of the Data Protection Commission as independent body with Director-General + Board + offices + powers including registration + complaints + investigations + audit + enforcement; (2) 8 DATA PROTECTION PRINCIPLES per Sec.17-23 - lawful + fair + transparent processing + purpose limitation + data minimisation + accuracy + storage limitation + integrity + confidentiality + accountability; (3) DATA SUBJECT RIGHTS Sec.30-38 - access + rectification + erasure + objection + data portability (2017 amendments) + automated-decision-making protection + complaints to DPC; (4) DATA CONTROLLER + PROCESSOR registration with DPC + annual fee + renewal + register publicly accessible; (5) SENSITIVE DATA + CHILDREN safeguards including explicit consent + special-category basis; (6) CROSS-BORDER TRANSFERS Sec.47 - adequacy + safeguards + Ministerial approval for sensitive transfers + ECOWAS regional cooperation; (7) BREACH NOTIFICATION Sec.55 - DPC notification + data subject notification for material breaches; (8) ENFORCEMENT - administrative penalties up to GHS 1,000-5,000+ + criminal sanctions up to 10 years imprisonment for serious offences; (9) SECTORAL COORDINATION with Ghana Cybersecurity Act 2020 + Banking Act + Electronic Communications Act + Electronic Transactions Act + sector regulators. 2024-2025 AMENDMENT PIPELINE: GDPR-alignment review + potential amendments to enhance DSR + breach notification + AI/ML + cross-border transfers + fines; the Ghana Data Protection Authority + DPC reviewing amendments to align with EU adequacy aspirations + African Union Malabo Convention.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (7)

Ghana DPA: 8 Data Protection Principles + Lawful Basis + Consent (Sec 17-24, Part Two)

1 controls
Controls in the Ghana DPA: 8 Data Protection Principles + Lawful Basis + Consent (Sec 17-24, Part Two) domain of Ghana Data Protection Act 2012 (Act 843)1 controls
CodeTitle
GhDPA-8Principles-Lawful-Consent8 Data Protection Principles + Lawful Basis + Consent (Sec 17-24, Part Two)

Ghana DPA: Cross-Border Transfers, Breach Notification and Enforcement (Part Five)

1 controls
Controls in the Ghana DPA: Cross-Border Transfers, Breach Notification and Enforcement (Part Five) domain of Ghana Data Protection Act 2012 (Act 843)1 controls
CodeTitle
GhDPA-CrossBorder-Breach-EnforcementCross-Border Transfers, Breach Notification, Enforcement and Penalties (Part Five)

Ghana DPA: Data Controller + Processor Registration + Obligations (Part Four)

1 controls
Controls in the Ghana DPA: Data Controller + Processor Registration + Obligations (Part Four) domain of Ghana Data Protection Act 2012 (Act 843)1 controls
CodeTitle
GhDPA-Registration-Controller-ProcessorData Controller + Processor Registration and Obligations (Part Four)

Ghana DPA: Data Subject Rights (Access, Rectification, Erasure, Objection, Portability) (Sec 30-38)

1 controls
Controls in the Ghana DPA: Data Subject Rights (Access, Rectification, Erasure, Objection, Portability) (Sec 30-38) domain of Ghana Data Protection Act 2012 (Act 843)1 controls
CodeTitle
GhDPA-DataSubjectRightsData Subject Rights (Access, Rectification, Erasure, Objection, Portability) (Sec 30-38)

Ghana DPA: Scope, DPC Establishment and Definitions (Part One)

1 controls
Controls in the Ghana DPA: Scope, DPC Establishment and Definitions (Part One) domain of Ghana Data Protection Act 2012 (Act 843)1 controls
CodeTitle
GhDPA-Scope-DPC-DefsScope, DPC Establishment and Definitions (Part One, Sec 1-15)

Ghana DPA: Sectoral Coordination (Cybersecurity Act, ECOWAS, Malabo) and 2024-2025 Pipeline

6 controls
Controls in the Ghana DPA: Sectoral Coordination (Cybersecurity Act, ECOWAS, Malabo) and 2024-2025 Pipeline domain of Ghana Data Protection Act 2012 (Act 843)6 controls
CodeTitle
GhDPA-Coord-Cyber-ECOWAS-Malabo-StatusSectoral Coordination + ECOWAS + Malabo + 2024-2025 Pipeline + Status
GhDPA-Coord-Sectoral-Bank-Tel-HealthSectoral Coordination - Banking, Telecommunications, Healthcare, Education + Public Sector
GhDPA-Crosswalk-GDPR-CoE108-SectoralCrosswalk to GDPR, Council of Europe Convention 108+, AU Malabo Convention and Industry Frameworks
GhDPA-Implementation-RoadmapImplementation Roadmap - Organizational Roles, Tooling and Metrics
GhDPA-Status-2024-2025-Amendment-AIImplementation Status, 2024-2025 Amendment Pipeline, AI/ML and EU Adequacy Aspirations
GhDPA-Status-DPC-EnforcementDPC Enforcement Status, Case Activity and Capacity-Building 2024-2025

Ghana DPA: Sensitive Data, Children and Special Categories

1 controls
Controls in the Ghana DPA: Sensitive Data, Children and Special Categories domain of Ghana Data Protection Act 2012 (Act 843)1 controls
CodeTitle
GhDPA-SensitiveData-ChildrenSensitive Personal Data and Children's Data (Sec 5 + 35)

Frequently Asked Questions

What is Ghana Data Protection Act 2012 (Act 843)?

Ghana Data Protection Act 2012 (Act 843) is a compliance framework from Ghana with 7 domains and 12 controls. The Ghana Data Protection Act, 2012 (Act 843) is the national personal data protection law of Ghana enacted 16 October 2012 + administered by the DATA PROTECTION COMMISSION (DPC) of Ghana (Sec.1-15). Act 843 was one of the earlier comprehensive African data-protection laws + predates GDPR + draws on Council of Europe Convention 108 + UK Data Protection Act 1998 + ECOWAS Supplementary Act on Personal Data Protection. KEY PROVISIONS: (1) ESTABLISHMENT of the Data Protection Commission as independent body with Director-General + Board + offices + powers including registration + complaints + investigations + audit + enforcement; (2) 8 DATA PROTECTION PRINCIPLES per Sec.17-23 - lawful + fair + transparent processing + purpose limitation + data minimisation + accuracy + storage limitation + integrity + confidentiality + accountability; (3) DATA SUBJECT RIGHTS Sec.30-38 - access + rectification + erasure + objection + data portability (2017 amendments) + automated-decision-making protection + complaints to DPC; (4) DATA CONTROLLER + PROCESSOR registration with DPC + annual fee + renewal + register publicly accessible; (5) SENSITIVE DATA + CHILDREN safeguards including explicit consent + special-category basis; (6) CROSS-BORDER TRANSFERS Sec.47 - adequacy + safeguards + Ministerial approval for sensitive transfers + ECOWAS regional cooperation; (7) BREACH NOTIFICATION Sec.55 - DPC notification + data subject notification for material breaches; (8) ENFORCEMENT - administrative penalties up to GHS 1,000-5,000+ + criminal sanctions up to 10 years imprisonment for serious offences; (9) SECTORAL COORDINATION with Ghana Cybersecurity Act 2020 + Banking Act + Electronic Communications Act + Electronic Transactions Act + sector regulators. 2024-2025 AMENDMENT PIPELINE: GDPR-alignment review + potential amendments to enhance DSR + breach notification + AI/ML + cross-border transfers + fines; the Ghana Data Protection Authority + DPC reviewing amendments to align with EU adequacy aspirations + African Union Malabo Convention. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Ghana Data Protection Act 2012 (Act 843) have?

Ghana Data Protection Act 2012 (Act 843) has 12 controls organised across 7 domains. The largest domains are Ghana DPA: Sectoral Coordination (Cybersecurity Act, ECOWAS, Malabo) and 2024-2025 Pipeline (6 controls), Ghana DPA: 8 Data Protection Principles + Lawful Basis + Consent (Sec 17-24, Part Two) (1 controls), Ghana DPA: Cross-Border Transfers, Breach Notification and Enforcement (Part Five) (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Ghana Data Protection Act 2012 (Act 843) map to?

Ghana Data Protection Act 2012 (Act 843) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.

How do I get started with Ghana Data Protection Act 2012 (Act 843) compliance?

Start your Ghana Data Protection Act 2012 (Act 843) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Ghana Data Protection Act 2012 (Act 843) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 12 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 701 frameworks.

Get Started Free →

Free forever — no credit card required