Three managers were arrested on Monday by the Data Protection Commission (DPC) and the Criminal Investigations Department (CID) of the Ghana Police Service for breaching the Data Protection Act, 2012 (Act 843).

The three institutions are Hisense, an electronic goods dealership, Marwako Fast Foods and Agyabeng Akrasi and Co Limited, a law firm.

Two others – Quick Credit and Investment Micro-Credit and Bemuah Royal Hospital, were asked to report to the CID by Tuesday morning at the latest for further interrogation.

Hisense, Marwako Fast Foods and Agyabeng Akrasi and Co and Bemuah Royal Hospital, have been cited for failing to register with the Commission while processing personal data contrary to Section 56 of the Data Protection Act, 2012 (Act 843).

Quick Credit and Investment Micro-Credit, was on the other hand, cited for issuing threats to customers, harassing, naming and shaming them for defaulting on their loan obligations to the company.

The Commission found this a breach of their privacy.

The exercise, however, took a chaotic turn at the Hisense office in North Kaneshie when some staff of the company confronted journalists who had accompanied the enforcement team.

The exercise, led by the Enforcement Unit of the DPC, was to enforce compliance of the Data Protection Act, 2012 (Act 843) to protect the privacy of individuals and personal data by regulating the processing of personal information.

The provisions of the Act demand that data controllers register with the Data Protection Commission and renew their registration every two years.

Briefing the media after the exercise, Mr Quintin Akroboto, Director, Regulatory and Compliance for DPC, said those companies had failed to comply with the Act despite several letters and engagements to them.

He disclosed that the companies would be processed and prosecuted in accordance with the law.

“The Attorney General’s office is aware of this raid and so, they will be processed for court. Whatever after, as the law says, it’s either they are fined or they are imprisoned or both,” he said.

He added that the Commission would visit data controllers to ensure that they complied with the Act.

Ms Patricia Adusei-Poku, Executive Director, DPC, said some 250 companies were currently under surveillance from the Commission for various data protection breaches.

She warned that the Commission would not renege on its duty of ensuring that all data controllers adhered to the law.

“Those who are fortunate not to get the visit today should sit up and act because we mean business, we’re taking our responsibilities seriously though we have limited resources, we will do as much as possible.

“And so, if you happen not to be visited this week, it doesn’t mean that we are never coming, we will eventually come to you,” she cautioned.

Ms Adusei-Poku, therefore, urged institutions to register with the DPC to “avoid the reputational loss and also the consequential potential financial loss through claim for compensations or fines and sanctions and forth.”