The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.
Its fundamental aim is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.
As the international compliance deadline of 25 May 2018 draws near, companies are rushing to implement the necessary controls. For Europeans, this is excellent news for the safety of their personal information: how, when, by whom and for how long their data is processed will be more stringently controlled than ever. But what does this legislation mean for a South African organisation?
Ross Saunders, the Director of Global Technology Services at Cura Software Solutions, shares some need-to-know information for the South African context.
According to Saunders, the GDPR not only applies to organisations located within the EU but also to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, EU citizens.
“If your company processes and holds the personal data of citizens belonging to a European Union member state, then you will be required to comply with the GDPR. Non-compliance with the GDPR can result in fines of up to 20-million euros or 4% of global turnover, whichever is higher,” says Saunders.
Considering that the EU is one of South Africa’s biggest trade partners, South Africa is going to have to be cognisant of this data protection law in addition to its own Protection of Personal Information Act (POPIA). The good news is that the GDPR and POPIA are relatively similar in their application, with numerous overlaps, so companies that have already done much to comply with POPIA will not need to start again; certain changes will, however, have to be made to ensure compliance.
According to Saunders, the three key factors to consider when applying GDPR to the South African context are as follows:
* GDPR compliance makes business relations with European companies easier as they will be more comfortable sharing information with you.
* The GDPR places more obligations on data processors than POPIA places on its equivalent role, operators.
* The EU is seen as a leading jurisdiction for data privacy legislation and is considered the gold standard for best practices.