Ghana: Ministry of Communication, Digital Technology and Innovations opened consultation on Data Protection Act, 2025 including cross-border data transfer regulation

On 20 October 2025, the Ministry of Communication, Digital Technology, and Innovations opened a consultation on the Data Protection Act, 2025, including cross-border data transfer regulation, until 31 October 2025. The Act would allow personal data transfers outside Ghana only under certain conditions. These include obtaining the data subject’s written, free, explicit, and informed consent after they have been made aware of potential risks. Transfers would also be permitted when necessary for recognised purposes, such as fulfilling a contract, exercising legal claims, or protecting a data subject’s vital interests. In addition, transfers would require an assessment to ensure adequate safeguards are in place, such as approved contractual clauses, binding corporate rules, or other mechanisms authorised by the Data Protection Authority. Transfers involving large-scale data or children’s data, biometric data, health records and genetic data require additional authorisation by the Authority. The Authority can require processors to demonstrate the effectiveness of safeguards and the existence of legitimate interests. Finally, transfers by controllers processing large-scale data, likely to pose real risks to data subject rights must conduct a transfer impact assessment, subject to approval by the Authority.