Businesses, organisations, close family, friends and acquaintances all have access to some important personal data. And anyone who has such information needs to protect it and make sure it is not abused, sold, or fall into the hands of a criminal.
The need for data protection has been recognised for over a decade, with Data Protection Day celebrated internationally on January 28. Data Protection Day is the ideal time to find out which data protection laws are in force in Ghana, and how companies and institutions are implementing them.
Data protection laws make sure customers’ data are used only for the purpose they shared it. They stipulate how data must be stored, used and when necessary purged. In addition, they regulate the sharing of personal information, making sure that personal details are only shared if there is a lawful reason, such as explicit consent or a public interest, like in the case of preventing a crime.
One of the most well-known data protection laws is the General Data Protection Regulation (GDPR) which was adopted by the European Parliament in 2016. The regulation outlines the restrictions on data handling and sharing by government and corporations.
GDPR regulations protect the privacy and personal information rights of individuals. Data breaches can attract heavy fines. A case in point was when one of the four big technology companies was fined €57 million for breaching online privacy rules at the beginning of 2019.
GDPR raises the standards of personal data privacy across not just Europe but also the world by changing the rules of companies that collect, store or process user information. Every company that operates in Europe, trades with Europe, or has European users is required to comply with GDPR standards, other countries are also introducing and updating their data protection laws, many in line with GDPR.
Approximately 100 new data protection laws have been put into practice across the globe in the last 12 months with many countries implementing data protection laws for the first time. This is not only to align with the GDPR, it is also because consumers are holding companies accountable for the information they hold, and how they use it, abuse it or lose it. Consumers are putting pressure on businesses to secure their personal information. Countries are realising that if they want to protect these industries, they have to create a sound framework for data protection.
Ghana was one of the first African countries to implement data protection laws when the Ghana Data Protection Act that protects the rights of privacy and individuals came into force at the end of 2012. This is overseen by the Data Protection Commission (DPC). The country has also ratified the Malibu Convention on cyber security and data protection.
Ghana’s data protection regulations secure customers so they know there are systems in place to ensure their data stays private and confidential.
When customers give companies their information, they are giving them their trust that they will in turn protect their data. Having a data protection system and following data protection laws show that you take this trust and the responsibility for the data you have seriously. Businesses that embrace data protection laws and implement them have a competitive edge over those who don’t.
An example of such companies is VFS Global. Although it is in the visa and consular services arena, it is primarily in the business of trust. VFS Global complies with the requirements of the GDPR and its customers expect it to protect their data, have good systems in place, and be able to identify any breaches quickly so it can prevent data losses and theft. It is easier for international businesses to operate when countries have data protection laws in place. So, when it uses contractors and other service providers in these countries, it knows they will protect its customers’ personal information.
It is also imperative that all companies – big and small ensure the data they hold is protected and processed in a manner that guarantees the privacy of the individual concerned.
There could be breaches at big businesses, but hackers are increasingly targeting smaller businesses, because they know these organisations are less likely to have the correct protection mechanisms in place.
Countries and companies who do not yet have data protection systems in place are encouraged to set these up. A business thrives because of how it uses data but will only survive if it protects data.
Barry Cook, the author, is the Privacy and Group Data Protection Officer at VFS Global