Adv. Carien van Dijk explains what the GDPR is and how it will affect your business in South Africa on its effective date of 25 May 2018
She also does a comparison with the upcoming South African privacy law, namely POPI.
The GDPR is the new data privacy law for all members of the European Union (“EU”) and it stands for the General Data Protection Regulation. In standard terms, it is the equivalent of the South African Protection of Personal Information legislation (“POPI”).
So how can a privacy law for the EU affect your business situated in South Africa? The GDPR goes into effect on 25 May 2018 and applies to organizations based in the EU itself, but also applies to anyone who engages in business with – or transfers any data to – or processes any data from a member of the EU. The GDPR provides a set of requirements that must be met in order to protect the privacy and confidentiality of personal information, and it aims to also protect the processing procedures of such personal information. For example, it will regulate how an employer processes and protects all salary information of its current and past employees. The GDPR provides high consequences for non-compliance with its regulations. According to the legislation, if found guilty of non-compliance it can result in a penalty of up to €20 million.
In South Africa
In comparison to the above is the South African POPI, which has been brought into legislation but has yet to receive an effective date. As soon as an effective date is confirmed, the legislation provides for a grace period to allow all South Africans (dealing with the personal information of any other South African) to put the necessary processes and policies in place in order to comply with the regulations. The POPI will also regulate how data can be obtained, stored, processed and destroyed. The consequences for non-compliance with POPI differs to its international counterpart in that it will result in a penalty of R10 million and/or 10 years imprisonment.
To ensure compliance with both these data policies, it is highly recommended that all South Africans conduct the necessary due diligence to determine whether any adherence is required with both the international GDPR and the local upcoming POPI. Should it be required, the necessary steps should be taken to audit all current processes and procedures to determine if it aligns to the requirements, and to put the necessary measures in place before the deadline. Those that will have the highest impact are businesses that are data rich (i.e. contains both personal information of their clients and of the staff they employ), for example:
• Estate Agents
• Recruitment Agencies
• Any Business providing credit
• Cellphone Service Providers
• And many more…
But please note that POPI specifically will apply to all whom process, regardless of whether it is only the personal information of one single individual. Should you require any further information, guidance or assistance with the above, please contact The Supremacy Group.
By Adv. Carien van Dijk – Tax Director at The Supremacy Group
Business Essentials is Africa’s premium networking and business directory.
Read more from our Press Room:
Behold This Majestic Architectural Masterpiece in the Sandton Country Club Estate
2018 FIFA World Cup: What You Need To Know
Is Being Intelligent The Same As Being Comfortable Operating In A VUCA World?
Related Service Providers:
Property Point, the Growthpoint Properties initiative, has officially facilitated more than R1bn successful procurement opportunities for small businesses operating in South Africa’s property sector Property Point was launched by Growthpoint Properties in 2008, and this year represents a decade of
Travel has been seen as the ultimate incentive since the 1970’s and 1980’s when it really started to gain traction as a motivating reward The main reason why incentive travel is so successful is because it taps into our human
And the winner is… On October 2, the Global Sourcing Association (GSA) in cooperation with Business Process Enabling South Africa (BPESA) announced the winners of the 2018 GSA Global Sourcing Awards. IBA Group was selected the winner in the