The National Identification Authority (NIA) has introduced new guidelines governing how organisations that access data from the National Identity Register (NIR) must store, secure, and dispose of personal information. The directive took effect on Thursday, March 19, 2026.
Issued under the National Identity Register Act, 2008 (Act 750), as amended by Act 950 of 2017, the guidelines apply to “user agencies”—including banks, telecom companies, government institutions, and other entities that routinely access NIR data for verification and administrative purposes.
According to the NIA, the new measures are intended to ensure that personal data is handled responsibly, stored securely, and retained only for as long as necessary. The Authority says the move will help reduce the risk of unauthorised access, misuse, or data loss, while aligning Ghana’s data practices with international standards.
The legal backing for the directive comes from Sections 59 and 61 of Act 750, which empower the NIA to set retention limits and provide guidance on how personal data should be managed once collected.
In practical terms, organisations that rely on NIR data—whether for SIM card registration, financial services onboarding, or public administration—will now have to comply with clearly defined rules on data retention and security.
The move comes as Ghana continues to expand its digital identity ecosystem, with the Ghana Card now playing a central role in everyday transactions, from opening bank accounts to accessing public services. The growing volume of personal data handled by institutions has made stronger data governance increasingly necessary.
While Ghana’s Data Protection Act, 2012 (Act 843) already sets out general requirements for handling personal information, the NIA says the new guidelines provide more specific direction for agencies that access data from the National Identity Register.
User agencies are expected to study and implement the guidelines immediately.