Compliance with Data Protection Regulations Introduction Here at Griffin legal, we have a strong resolve to protect the interests of our clients. We try to understand the industries from which our clients operate and study the nature of your business to enable us provide you with cutting-edge information which allows you to get ahead in your business. Data protection has become one of the major concerns in recent times. There has arisen an urgent need to protect the privacy right of persons because of recent data breaches exposing the personal data of persons who in some cases had no idea that other persons were processing and controlling their data. Accordingly, many countries in an effort to regulate the protection of data have passed laws imposing responsibilities and obligations on legal and natural persons who process and control personal data as part of delivering their services. We know, through our past dealings with your company, as your advisors, that you provide security and profiling services to airlines here in Ghana, and as part of your work, you collect personal data on behalf of your client either on their instruction or on your own accord. It is our goal to educate you on the obligations imposed on your company by law, in activities which amount to processing and collecting personal information from persons and entities with whom you transact business. Data Protection Act, 2012 (Act 843) This law regulates the collection and enforces the protection of personal data in Ghana. It came into effect on 16 October, 2012 but registration of data controllers and processes began on 1 January, 2015. The law sets out the rules and principles governing the collection, use, disclosure and care for personal data or information by a data controller or processor. It recognises a person’s right to protect their personal data or information by mandating a data controller or processor to process (collect, use, disclose, erase, etc.) such personal data or information in accordance with the individual’s privacy rights provided by Article 18(2) of the 1992 Constitution of Ghana. Data Processing Obligations This law imposes a duty on all persons or entities which collect personal information such as names, telephone numbers, pictures, addresses etc. from their customers to register with the Data Protection Commission. The application of this law is not industry specific but applies to all industries. Who is a Data Controller? A data controller is a natural or legal person who controls and is responsible for the collection, keeping and use of personal information in computer systems or in manual files. If an organisation controls and has responsibility over the personal information it collects or holds, then that organisation is a data controller. That entity must be responsible for any of the following: Collect, hold and process personal information. Determine how personal information collected should be used. Determine what personal information should be collected and or kept.