As a national switch, safeguarding data is not optional; it is fundamental to the integrity, trust, and efficiency of payment systems. Every transaction, settlement, and service depends on security, lawfulness, and responsibility for data processing.
At GhIPSS, data protection is not just a regulatory requirement; it is a strategic priority embedded across our operations. We are committed to full compliance with the Data Protection Act, 2012, supported by our comprehensive Data Protection Policy and aligned with industry standards and global best practices.
Our policy is designed to ensure that GhIPSS protects the rights of all stakeholders, including staff, customers, and third parties. We do this while maintaining robust procedures for the secure collection, storage, handling, processing, and disposal of personal data. By doing so, we not only safeguard sensitive information but also protect the organisation from risks such as data breaches, loss of confidentiality, and reputational damage.
A Strong Governance Framework
Data protection at GhIPSS is underpinned by a clearly defined governance framework that assigns responsibility across all levels of the organisation. Executive Management provides leadership by implementing and reviewing data protection procedures, promoting a culture of compliance, and ensuring that risks and responsibilities are effectively managed.
A dedicated Data Protection Supervisor (DPS) plays a central role in driving compliance. The DPS advises management, conducts impact assessments, implements strategies, and leads training initiatives to ensure that data protection principles are fully integrated into daily operations.
Supporting this effort, the Legal and Compliance Unit ensures adherence to regulatory requirements, reviews third-party agreements, and facilitates data subject requests. Meanwhile, the Cybersecurity and IT teams maintain the integrity of our systems through continuous monitoring, regular security checks, and the implementation of appropriate safeguards.
Shared Responsibility Across the Organisation
At GhIPSS, data protection is a shared responsibility. All staff are required to handle data securely, follow established guidelines, and prevent unauthorised disclosure of information. Strong password practices, controlled access to confidential data, and adherence to internal policies are essential expectations for everyone.
To reinforce this culture, GhIPSS invests in continuous training and awareness programmes, ensuring that staff remain informed about evolving data protection laws, risks, and best practices.
Protecting Data Subject Rights
We are committed to upholding the rights of individuals whose data we process. These rights include access to personal data, correction of inaccuracies, withdrawal of consent, restriction or objection to processing, and protection against decisions based solely on automated processing. In addition, individuals have the right to be informed about data breaches that may pose significant risks and to lodge complaints with the Data Protection Commission.
Secure Systems and Continuous Improvement
Our systems, services, and infrastructure are continuously monitored and tested to meet stringent security standards. Regular audits, vulnerability scans, and evaluations of third-party service providers ensure that our data environment remains resilient and secure.
We also apply the principle of data minimization, i.e. collecting only what is necessary and relevant, while ensuring accountability and transparency in all data processing activities.
Compliance and Accountability
As a registered entity with the Data Protection Commission, GhIPSS remains fully committed to regulatory compliance. We recognise that maintaining trust requires not only strong systems but also accountability at every level.
Failure to comply with data protection requirements is taken seriously and may result in disciplinary action, including termination, in line with organisational policies and applicable laws.
Conclusion
Through a combination of strong governance, secure systems, continuous training, and a culture of accountability, GhIPSS continues to prioritise the safety, confidentiality, and integrity of all data entrusted to us.
Source: Legal and Compliance
