The Data Protection Commission ( DPC ) has urged institutions to employ cutting-edge technologies to protect individuals’ data and privacy from malicious actors in the digital ecosystem.
A statement issued and signed by Ms Patricia Adusei Poku, Executive Director of DPC to commemorate the Data Protection Week, said that all data controllers must comply with the requirements of the Data Protection Act by continuously working with the DPC, consulting them on minimum requirements when starting projects.
“We are reminding all institutions to focus on their use and adoption of technology and to align it with the nature, scope, and sensitivity of the data that they hold.
“Institutions should take note of the volumes of data involved in their activities and their ability to afford state-of-the-art technology to ensure that data of individuals are respected, and their privacy is continuously protected against malicious actors in this digitized ecosystem,” it said.
The statement stated that Ghanaians were empowered by the Data Protection Law and encouraged them to continue to learn about their rights under the Act and to demand accountability.
“Some of the rights are for your privacy to be respected, to be informed, to correct, and the right to ask for your data not to be used in a way that infringes your privacy among others,” it said.
As part of activities marking the Data Protection Week, which started on Monday, the DPC embarked on a nationwide sensitisation on Data Protection and Privacy within Tamale, Takoradi, Kumasi, Volta, Eastern and Greater Accra Regions.
The statement called on data controllers to take additional steps to ensure accountability to the people they served by understanding their responsibilities and the requirements of the Law.
The Commission reminded data controllers and data subjects of the three T’s- Transparency, Trust and contributing to the Transformation of the nation- and urged to be mindful of their choice of technology, the processes used in the organization and the people who processed personal data.
Data Privacy Day fell on Sunday, January 28, 2024. The theme for this year was, “Building Trust Through Data Protection.”
According to the statement, the Commission expected the employment of state-of-the-art technology, integrity in personnel, and processes that are documented and shared with staff so that they can process per the law’s requirements.
It said that as part of this year’s awareness campaign, the DPC recommends that all associations, clubs, and groups collaborate with the Commission by obtaining a Data Protection license as an eligibility requirement.
“By so doing they will be asking all their new and old members to be compliant with the requirements of the Data Protection Act by registering and renewing with the Commission as required by the law under Section 46(3) and section 50 respectively. The Commission will then support your institution in implementing your internal privacy program knowing your purposes and legitimate grounds.”
The statement said the Commission’s policy was that all medium to large institutions with large processing or with sensitive personal data, should appoint and train a data protection supervisor who the Commission would guide and assist in implementing an internal privacy programme to ensure that the institution was continuously being compliant or working actively towards accountability to Ghanaians.
It stated that with the increased use of information technology, as well as advancements in artificial intelligence and other emerging technologies, it was critical that the DPC guaranteed that data was handled appropriately and ethically for the general well-being of Ghanaians.
The Commission would do his by documenting certain key strategies like the National Data Governance Strategy, National Ethical Use of AI Strategy, and the National AI Strategy Document, which would guide institutions to know what to do with these advanced and emerging technologies.
The statement said the Commission would soon launch those strategies with the input of relevant institutions and in consultation with key stakeholders and data controllers.
GNA
KAS
01 Feb. 2024