The brief structure of the act is mention below.
Data Protection Act, 2012 regulates the process personal information is acquired, kept, used or disclosed by data controllers and data processors by requiring compliance with certain data protection principles. Non-compliance with provisions of the Act may attract either civil liability, or criminal sanctions, or both, depending on the nature of the infraction. The Act also establishes a Data Protection Commission, which is mandated toensure compliance with its provisions, as well as maintain the Data Protection Register.
Key terms in the Act are defined in the interpretation section, section 96. Unless the context otherwise requires, section 96 provides the following definitions to the notable terms:
“data controller” means a person who either alone, jointly with other persons or in common with other persons or as a statutory duty determines the purposes for and the manner in which personal data is processed or is to be processed
“data processor” in relation to personal data means any person other than an employee of the data controller who processes the data on behalf of the data controller
“data subject” means an individual who is the subject of personal data
“foreign data subject” means data subject information regulated by laws of a foreign jurisdiction sent into Ghana from a foreign jurisdiction wholly for processing
“personal data” means data about an individual who can be identified, (a) from the data, or (b) from the data or other information in the possession of, or likely to come into the possession of the data controller
“processing” means an operation or activity or set of operations by automatic or other means that concerns data or personal data and the (a) collection, organisation, adaptation or alteration of the information or data, (b) retrieval, consultation or use of the information or data, (c) disclosure of the information or data by transmission, dissemination or other means available, or (d) alignment, combination, blocking, erasure or destruction of the information or data
“recipient” means a person to whom data is disclosed, including an employee or agent of the data controller or the data processor to whom data is disclosed in the course of processing the data for the data controller, but does not include a person to whom disclosure is made with respect to a particular inquiry pursuant to an enactment
“special purposes” means any one or more of the following: (a) the purpose of journalism, (b) where the purpose is in the public interest, (c) artistic purposes, and (d) literary purposes.
accountability principle of data protection is seen generally as a fundamental principle of compliance. It requires that a data controller should be accountable for compliance with measures which give effect to data protection principles.