Search Business Insights

Business Directory

Explore Our Directory Of Certified Business Partners

16 May

How Does The GDPR And POPI Affect Your Business?


Adv. Carien van Dijk explains what the GDPR is and how it will affect your business in South Africa on its effective date of 25 May 2018

She also does a comparison with the upcoming South African privacy law, namely POPI.

The GDPR is the new data privacy law for all members of the European Union (“EU”) and it stands for the General Data Protection Regulation. In standard terms, it is the equivalent of the South African Protection of Personal Information legislation (“POPI”).

So how can a privacy law for the EU affect your business situated in South Africa? The GDPR goes into effect on 25 May 2018 and applies to organizations based in the EU itself, but also applies to anyone who engages in business with – or transfers any data to – or processes any data from a member of the EU. The GDPR provides a set of requirements that must be met in order to protect the privacy and confidentiality of personal information, and it aims to also protect the processing procedures of such personal information. For example, it will regulate how an employer processes and protects all salary information of its current and past employees. The GDPR provides high consequences for non-compliance with its regulations. According to the legislation, if found guilty of non-compliance it can result in a penalty of up to €20 million.

In South Africa

In comparison to the above is the South African POPI, which has been brought into legislation but has yet to receive an effective date. As soon as an effective date is confirmed, the legislation provides for a grace period to allow all South Africans (dealing with the personal information of any other South African) to put the necessary processes and policies in place in order to comply with the regulations. The POPI will also regulate how data can be obtained, stored, processed and destroyed. The consequences for non-compliance with POPI differs to its international counterpart in that it will result in a penalty of R10 million and/or 10 years imprisonment.

To ensure compliance with both these data policies, it is highly recommended that all South Africans conduct the necessary due diligence to determine whether any adherence is required with both the international GDPR and the local upcoming POPI. Should it be required, the necessary steps should be taken to audit all current processes and procedures to determine if it aligns to the requirements, and to put the necessary measures in place before the deadline. Those that will have the highest impact are businesses that are data rich (i.e. contains both personal information of their clients and of the staff they employ), for example:
• Banks
• Accountants/Bookkeepers
• Estate Agents
• Recruitment Agencies
• Any Business providing credit
• Cellphone Service Providers
• Lawyers/Advocates
• And many more…

But please note that POPI specifically will apply to all whom process, regardless of whether it is only the personal information of one single individual. Should you require any further information, guidance or assistance with the above, please contact The Supremacy Group.

By Adv. Carien van Dijk – Tax Director at The Supremacy Group


Business Essentials is Africa’s premium networking and business directory.

Read more from our Press Room:
Behold This Majestic Architectural Masterpiece in the Sandton Country Club Estate
2018 FIFA World Cup: What You Need To Know
Is Being Intelligent The Same As Being Comfortable Operating In A VUCA World?

Related Service Providers:

The Supremacy Group

Related Articles:

Aucor and De Beers break new ground in Limpopo

  Aucor and De Beers announce the opening of Aucor Limpopo South African-based auction house, Aucor, are continuing to lead the way in terms of transformation within the auction industry. In a ground-breaking and first-of-its-kind partnership, Aucor and De Beers

Robo Advisor – Artificial Insurance or Intellisurance?

  Where do South Africans lie on the new trend of Robo Advisors? There has been much commentary internationally about the introduction of AI into business, in particular, Robo- advisors within the financial services industry, but where do South Africans

[adrotate group="2"]

The Choices Social Investors Make

By Tshikululu Social Investments 0 comment(s)

The Difference Between Generic and Original Medication

By Selfmed Medical Scheme 0 comment(s)

[adrotate group="3"]