The new GDPR data protection regulation from the European Union is serious – even if it doesn’t impact a business directly
After a prolonged grace period of two years, the General Data Protection Regulation (GDPR), a wide-reaching new piece of European legislation, is coming into full force. Though this law may seem a world away from South Africa, organisations in today’s global and connected environment should pay close attention – both for the sake of their business abroad and their legal stature in South Africa.
Daniel Lötter, Head: Bids and Tenders at managed service provider Itec Southern Africa, explained more:
“If you handle any information of an EU citizen or you have an EU citizen on your board, or anything like that, then you have to be GDPR compliant. If you want to do business with European resident countries, from a supplier or a vendor point of view, you also have to be compliant.”
The direct consequences of GDPR are serious, including fines of up to 4 percent of annual global turnover or a flat €20 million, whichever is more. Even if local companies are not in the firing line, GDPR could severely impact their relationships with European companies:
“Compliance is very serious. GDPR has been in a honeymoon period since 2016 and that has come to an end. It brings some very stiff penalties along with it and European regulators will want to show it has teeth. Once one or more companies receive fines, many will follow the rules. That means anyone part of their value chain who isn’t compliant will at the least be cut off. So even if the prospect of direct fines and penalties can be low for South African companies, the knock-on effects will still make this felt. You have to find out how exposed you are.”
GDPR is more than just a law. It is being treated as an example of the shifting regulatory environment around data usage. As the recent problems at Facebook and countless data breaches at companies around the world have revealed, data management, ownership and control are becoming hot topics that are here to stay. Governments and societies are therefore responding to protect this resource, as well as the sources that provide the data.
South Africa has its own data-centric legislation, the Protection of Personal Information (PoPI) Act. GDPR’s arrival is a sign that local organisations must look closely at their compliance.
“The similarities between GDPR and PoPI are huge,” said Lötter. “There are some small and crucial differences around transactional data, but otherwise they are very similar. Even if a local business doesn’t require GDPR compliance, chances are much greater that they need to be in step with PoPI. In that light, GDPR is an opportunity for local businesses to reflect on their PoPI status and start making the right changes.”
GDPR and PoPI compliance impact many different parts of a company. But a prime component is data security, which is why Itec is launching a new security solution to help local companies of all sizes:
“We have launched a partnership with First Distribution to bring the Veritas security solution to our customers. This will create a security service with different tiers for various types of organisations. The solution is actually geared towards PoPI compliance. So this will help focus on customer information, which lies core to both GDPR and PoPI requirements.”
Contact ITEC for more information.