Ghana: Processing by Entity Registered or Incorporated in Jurisdiction

The Data Protection Act, 2012 of Ghana explicitly includes incorporation or registration within the country as a factor for determining the law's applicability. Article 45(3) provides a list of entities that are considered "established in this country" for the purposes of the Act.

Specifically, Article 45(3b) states that "a body incorporated under the laws of this country" is treated as established in Ghana. This provision clearly extends the Act's applicability to all companies incorporated under Ghanaian law.

Furthermore, Article 45(3c) broadens this scope to include "a partnership, persons registered under the Registration of Business Names Act, 1962 (Act 151) and the Trustees (Incorporation) Act, 1962 (Act 106)". This provision ensures that various forms of business entities, including partnerships and registered business names, fall under the Act's purview.

The significance of this establishment criterion is underscored by Article 45(1a), which states that the Act applies to a data controller "where the data controller is established in this country and the data is processed in this country". This provision links the concept of establishment to the Act's applicability, making it a key factor in determining whether a data controller falls under the jurisdiction of Ghana's data protection law.

Implications

The implications of these provisions are significant for businesses operating in Ghana:

  1. All companies incorporated under Ghanaian law are automatically subject to the Data Protection Act, regardless of where their actual data processing activities take place.
  2. Partnerships and businesses registered under specific Ghanaian acts (Registration of Business Names Act and Trustees Incorporation Act) are also considered established in Ghana and thus fall under the Act's jurisdiction.
  3. Foreign companies that are not incorporated in Ghana but process data in the country may still be subject to the Act under other provisions, such as Article 45(1b) which covers data controllers using equipment or processors in Ghana.
  4. Companies incorporated in Ghana must comply with the Act's requirements even if they outsource their data processing activities to entities outside the country, as long as the processing occurs within Ghana.
  5. Multinational corporations with subsidiaries incorporated in Ghana need to ensure that these entities comply with the Ghanaian Data Protection Act, even if the parent company is not based in Ghana.

Jurisdiction Overview