GDPR implications on SA


Many South Africans don’t realise it, but the EU GDPR has implications for SA. So what is the GDPR, and what are its implications for SA? Find out about them here.

The EU General Data Protection Regulation (GDPR) is a new privacy and data protection law which was adopted in Europe in April 2016. It is being adopted by all countries in the European Union without additional legislation in individual countries. The GDPR will become effective on 25 May 2017 and applies to all countries in Europe, including the UK in spite of Brexit. It also applies to countries outside Europe, although there are few exceptions where countries are seen as having adequate security and data protection practices.

The scope of the EU GDPR is global as far as the processing of personal data of EU citizens is concerned. That means any organisation operating anywhere in the world can find itself subject to enforcement action by a regulatory authority based in the EU. This also opens the door to a variety of other actions being taken by interested parties, such as civil damages claims. Penalties for organisations failing to comply with the GDPR provisions can be as high as 4% of global revenues, whether the organisation is acting in the role of controller (responsible party) or processor (operator or third party role).

Please visit our Key Criteria for EU GDPR Applicability outside Europe page for more information.

Why should we be concerned about GDPR? The main reason is that we need to be prepared for doing business with companies in European countries, or they will see us as a high risk from a personal information protection perspective and won’t do business with us. In addition to this, a major difference lies in the penalties that can be imposed: the GDPR penalties can be up to 4% of an organisation’s global annual turnover, whereas POPI / POPIA has a maximum R10 million fine or time behind bars. In other words, GDPR penalties are much higher than the POPI / POPIA penalties, so it could hurt us more than POPI / POPIA financially if we ignore it.

You can start to understand the EU GDPR better by downloading the documents on this page.


EU Directive 2016-680

A29 DPWP Guidelines on Data Protection Officers

A29 DPWP Guidelines for identifying a controller or processor’s lead supervisory authority

A29 DPWP Guidelines on the right to data portability

IACT-Africa EU GDPR Compliance Methodology v1.0

Download all of the above as a zip file below:

EU GDPR Documents as a zip file

For more information about the EU GDPR and how we can help you, please click here to contact us. You are also welcome to visit our dedicated EU GDPR website by clicking on the link below:

EU GDPR Solutions website