In Effect Law Data Protection Context Relevance

Ghana DPA

Data Protection Act 2012 (Act 843)

Ghana's comprehensive data protection law establishing data subject rights including right to prevent automated decision-making and requiring breach notification.

Jurisdiction

Ghana

Enacted

May 16, 2012

Effective

Oct 16, 2012

Enforcement

Data Protection Commission (Ghana)

What It Requires

Transparency

Must disclose AI nature, data practices, or algorithmic decisions

User Rights

Must honor access, correction, and deletion requests

Data Minimization

Must limit data collection to what is necessary

Who Must Comply

This law applies to:

• Data controllers and processors in Ghana
• Entities processing personal data of Ghanaian residents
• Automated systems processing personal data

Capability triggers:

● automatedDecisionMaking (required)

● Required ◐ Increases applicability

Who bears obligations:

Data Controller Data Processor

Safety Provisions

• Right to prevent processing for automated decision-making (Section 41)
• Breach notification required
• Data controller registration with Data Protection Commission
• Security safeguards for personal data
• Sensitive data requires explicit consent

Enforcement

Enforced by

Data Protection Commission (Ghana)

Penalties

GHS 25K; criminal (up to 3yr)

Max fine: $25,000

Criminal liability(up to 3y)

Fines up to GHS 25,000 or imprisonment up to 3 years

Primary Source

Ghana Data Protection Commission (opens in new tab)

https://www.dataprotection.org.gh/

Quick Facts

Binding: Yes
Mental Health Focus: Yes
Child Safety Focus: No
Algorithmic Scope: Yes

Why It Matters

Ghana's Section 41 automated decision-making rights apply directly to AI chatbots making risk assessments or providing recommendations.

Cite This

APA

Ghana. (2012). Data Protection Act 2012 (Act 843). Retrieved from https://nope.net/regs/gh-dpa-2012

BibTeX

@misc{gh_dpa_2012,
  title = {Data Protection Act 2012 (Act 843)},
  author = {Ghana},
  year = {2012},
  url = {https://nope.net/regs/gh-dpa-2012}
}

Related Regulations

In Effect ZM • Data Protection

Zambia DPA

Zambia's comprehensive data protection law with special protections for vulnerable persons and DPIA requirements for high-risk processing.

In Effect BW • Data Protection

Botswana DPA

Botswana's modernized data protection law requiring Data Protection Impact Assessment and establishing age 16 for consent.

In Effect SC • Data Protection

Seychelles DPA

Seychelles' modern data protection law requiring DPO for large-scale processing and recognizing Cross-Border Privacy Rules certification.

In Effect RW • AI Safety

First African country to adopt comprehensive national AI policy. Establishes Responsible AI Office (RAIO) under MINICT. Implements RURA ethical guidelines covering beneficence, non-maleficence, autonomy, justice, explicability, transparency. Non-binding framework.

In Effect INTL • Child Protection

UNICEF AI for Children

Most specific international guidance on children and AI. Ten requirements for child-centered AI including development/wellbeing support, data/privacy protection, and safety.

In Effect NP • AI Safety

Nepal AI Policy

Nepal national AI policy establishing governance framework and development priorities. Creates AI Governance Council (chaired by Minister for Communications and IT), AI Regulation Council, National AI Centre, and AI Regulatory Authority. Six pillars including ethics, human resource development, and sectoral application.

Back to all regulations Check if this applies to you

Ghana DPA

What It Requires

Who Must Comply

Safety Provisions

Enforcement

Primary Source

Quick Facts

Why It Matters

Cite This

Related Regulations

Zambia DPA

Botswana DPA

Seychelles DPA

Rwanda AI Policy

UNICEF AI for Children

Nepal AI Policy