Search Business Insights

Business Directory

Explore Our Directory Of Certified Business Partners

16 May

How Does The GDPR And POPI Affect Your Business?


Adv. Carien van Dijk explains what the GDPR is and how it will affect your business in South Africa on its effective date of 25 May 2018

She also does a comparison with the upcoming South African privacy law, namely POPI.

The GDPR is the new data privacy law for all members of the European Union (“EU”) and it stands for the General Data Protection Regulation. In standard terms, it is the equivalent of the South African Protection of Personal Information legislation (“POPI”).

So how can a privacy law for the EU affect your business situated in South Africa? The GDPR goes into effect on 25 May 2018 and applies to organizations based in the EU itself, but also applies to anyone who engages in business with – or transfers any data to – or processes any data from a member of the EU. The GDPR provides a set of requirements that must be met in order to protect the privacy and confidentiality of personal information, and it aims to also protect the processing procedures of such personal information. For example, it will regulate how an employer processes and protects all salary information of its current and past employees. The GDPR provides high consequences for non-compliance with its regulations. According to the legislation, if found guilty of non-compliance it can result in a penalty of up to €20 million.

In South Africa

In comparison to the above is the South African POPI, which has been brought into legislation but has yet to receive an effective date. As soon as an effective date is confirmed, the legislation provides for a grace period to allow all South Africans (dealing with the personal information of any other South African) to put the necessary processes and policies in place in order to comply with the regulations. The POPI will also regulate how data can be obtained, stored, processed and destroyed. The consequences for non-compliance with POPI differs to its international counterpart in that it will result in a penalty of R10 million and/or 10 years imprisonment.

To ensure compliance with both these data policies, it is highly recommended that all South Africans conduct the necessary due diligence to determine whether any adherence is required with both the international GDPR and the local upcoming POPI. Should it be required, the necessary steps should be taken to audit all current processes and procedures to determine if it aligns to the requirements, and to put the necessary measures in place before the deadline. Those that will have the highest impact are businesses that are data rich (i.e. contains both personal information of their clients and of the staff they employ), for example:
• Banks
• Accountants/Bookkeepers
• Estate Agents
• Recruitment Agencies
• Any Business providing credit
• Cellphone Service Providers
• Lawyers/Advocates
• And many more…

But please note that POPI specifically will apply to all whom process, regardless of whether it is only the personal information of one single individual. Should you require any further information, guidance or assistance with the above, please contact The Supremacy Group.

By Adv. Carien van Dijk – Tax Director at The Supremacy Group


Business Essentials is Africa’s premium networking and business directory.

Read more from our Press Room:
Behold This Majestic Architectural Masterpiece in the Sandton Country Club Estate
2018 FIFA World Cup: What You Need To Know
Is Being Intelligent The Same As Being Comfortable Operating In A VUCA World?

Related Service Providers:

The Supremacy Group

Related Articles:

Welcome to the first Pilatus PC-24 in Africa

The Pilatus PC-24 will be based in South Africa at Cape Town International Airport ExecuJet, part of the Luxaviation Group, is announcing that it will be the first business aviation company to operate and manage a Pilatus PC-24 Super Versatile

[adrotate group="2"]

SAMRO Overseas Scholarships Competition for Composers 2018

By JT Communication Solutions 0 comment(s)

Company Culture – Myth or Magic?

By Educos ado EOH Abantu Pty Ltd 0 comment(s)

Importance of an Accurate IRP5 During Individual Tax Filing Season

By Educos ado EOH Abantu Pty Ltd 0 comment(s)

Millennials’ Jobs Fit their Lives, so should your Organization’s

By Educos ado EOH Abantu Pty Ltd 0 comment(s)

[adrotate group="3"]