On 20 October 2025, the Ministry of Communication, Digital Technology, and Innovations opened a consultation, running until 31 October 2025, on the Data Protection Act, 2025, including cybersecurity regulation. The Act would require data controllers and processors to adopt technical and organisational measures to prevent loss, damage, unauthorised destruction, unlawful access, or unlawful processing of personal data. Such measures include identifying risks and implementing regularly updated safeguards against them. Data controllers would have to provide contractually for the compliance of data processors. In the event of a breach, data controllers would be required to notify the Data Protection Authority within 72 hours. Controllers would also be required to notify affected subjects to the extent necessary for them to take protective measures; the notification would include, if known, the identity of the unauthorised person.