Adv. Carien van Dijk explains what the GDPR is and how it will affect your business in South Africa on its effective date of 25 May 2018
She also does a comparison with the upcoming South African privacy law, namely POPI.
The GDPR is the new data privacy law for all members of the European Union (“EU”) and it stands for the General Data Protection Regulation. In standard terms, it is the equivalent of the South African Protection of Personal Information legislation (“POPI”).
So how can a privacy law for the EU affect your business situated in South Africa? The GDPR goes into effect on 25 May 2018 and applies to organizations based in the EU itself, but also applies to anyone who engages in business with – or transfers any data to – or processes any data from a member of the EU. The GDPR provides a set of requirements that must be met in order to protect the privacy and confidentiality of personal information, and it aims to also protect the processing procedures of such personal information. For example, it will regulate how an employer processes and protects all salary information of its current and past employees. The GDPR provides high consequences for non-compliance with its regulations. According to the legislation, if found guilty of non-compliance it can result in a penalty of up to €20 million.
In South Africa
In comparison to the above is the South African POPI, which has been brought into legislation but has yet to receive an effective date. As soon as an effective date is confirmed, the legislation provides for a grace period to allow all South Africans (dealing with the personal information of any other South African) to put the necessary processes and policies in place in order to comply with the regulations. The POPI will also regulate how data can be obtained, stored, processed and destroyed. The consequences for non-compliance with POPI differs to its international counterpart in that it will result in a penalty of R10 million and/or 10 years imprisonment.
To ensure compliance with both these data policies, it is highly recommended that all South Africans conduct the necessary due diligence to determine whether any adherence is required with both the international GDPR and the local upcoming POPI. Should it be required, the necessary steps should be taken to audit all current processes and procedures to determine if it aligns to the requirements, and to put the necessary measures in place before the deadline. Those that will have the highest impact are businesses that are data rich (i.e. contains both personal information of their clients and of the staff they employ), for example:
• Estate Agents
• Recruitment Agencies
• Any Business providing credit
• Cellphone Service Providers
• And many more…
But please note that POPI specifically will apply to all whom process, regardless of whether it is only the personal information of one single individual. Should you require any further information, guidance or assistance with the above, please contact The Supremacy Group.
By Adv. Carien van Dijk – Tax Director at The Supremacy Group
Business Essentials is Africa’s premium networking and business directory.
Read more from our Press Room:
Behold This Majestic Architectural Masterpiece in the Sandton Country Club Estate
2018 FIFA World Cup: What You Need To Know
Is Being Intelligent The Same As Being Comfortable Operating In A VUCA World?
Related Service Providers:
Themed ‘Logistics through Innovation and technology’, the SAAFF Congress 2018 will focus on innovative technology With the SAAFF Congress 2018 only weeks away, industry stakeholders are preparing for an exciting and full Programme. “With 16 presentations, 3 social/networking events and
Why are you better off hiring an incentive travel company? There are a lot of companies out there planning incentive travel programmes using only internal resources. Often, that means assigning a meeting planner or charging someone in sales or marketing
The Pilatus PC-24 will be based in South Africa at Cape Town International Airport ExecuJet, part of the Luxaviation Group, is announcing that it will be the first business aviation company to operate and manage a Pilatus PC-24 Super Versatile