The Data Protection Commission is set to embark on a nationwide enforcement action from the 14th of August 2023 holding accountable Data Controllers to the provisions of the Data Protection Act 2012 (Act 843).
The enforcement action will involve arrests, spot checks, raids and data protection audits.
Package
Following the Commission awareness on Data Protection and provisions stipulated under the Act the 14th Of August has been declared to begin a nationwide enforcement action that will hold accountable Data Controllers.
The scaling up of enforcement of the Data Protection Act 2012, (Act 843) will be in the following areas:
Section 46 (3)
A Data controller must register with the Data Protection Commission
Section 50
Registration with the Commission shall be renewed every two years
Section 56
Failure to register with the Commission is an offense liable to summary conviction to a fine or a term of imprisonment
Section 82
Conditional request for personal data for the provision of goods and services is an offense
Section 88
Prohibition to sale of personal data
Section 95
General penalties under the Act for non-compliance.
The Commission has indicated that the enforcement action may involve arrests of Ultimate Decision Makers/Heads of Institutions who have neglected their legal responsibilities and/or defaulted.
The public is hereby informed to expect visits from Officers of the Enforcement Unit of the Data Protection Commission from August 14, 2023.
With regard to exempted institutions under the act, the Commission indicated that Public Institutions under that category are to note that all the above sections apply.
Organizations are advised to inspect ID cards of officers of the Enforcement Unit and cooperate fully in this all-important national exercise.
