Many South Africans don’t realise it, but the EU GDPR has implications for SA. So what is GDPR, and what are its implications for SA?
The EU General Data Protection Regulation (GDPR) is a new privacy and data protection law which was adopted in Europe in April 2016. It is being adopted by all countries in the European Union without additional legislation in individual countries. The GDPR will become effective on 25 May 2017 and applies to all countries in Europe, including the UK in spite of Brexit. It also applies to countries outside Europe although there are few exceptions where countries are seen as having adequate security and data protection practices.
In South Africa, we are barely getting to grips with POPI / POPIA and we have to get our heads around a piece of European privacy/data protection legislation as well. So what is it and why should we be concerned about it?
GDPR is essentially a privacy law which has many similarities with POPI / POPIA and other privacy laws around the world. It also has specific requirements but then so does POPI / POPIA. Some of the differences amount to terminology differences while others are mandatory requirements.
As already mentioned, GDPR has implications for countries outside the EU, including South Africa. It applies to any organisation that holds or processes data on EU citizens, regardless of where it has its headquarters. This includes companies that have employees in the EU, sell or market products or services in the EU, or partner with EU organisations.
Why should we be concerned about GDPR? The main reason is that we need to be prepared for doing business with companies in European countries, or they will see us as a high risk from a personal information protection perspective and won’t do business with us. In addition, a major difference lies in the penalties that can be imposed: GDPR penalties can be up to 4% of an organisation’s global annual turnover, whereas POPI / POPIA has a maximum R10 million fine or time behind bars. In other words, GDPR penalties are much higher than the POPI / POPIA penalties, so ignoring GDPR could hurt us more financially than ignoring POPI / POPIA.
So, as is often the case, there is a carrot and a stick with compliance. We have solid experience in assisting organisations with their personal information and privacy initiatives. We can help you understand the issues and challenges regarding GDPR and POPI / POPIA and how to leverage these in a positive manner. Contact us today to discuss your privacy and data protection requirements.