Is your organisation ready for POPI and the GDPR?
POPI is largely based on the European Union Data Protection Directive (“EU Directive”) and also has a Commonwealth influence. While many South African businesses are already putting systems in place to ensure compliance with POPI, they should also consider whether they must comply with the General Data Protection Regulation (“GDPR”), which is set to replace the EU Directive on 25 May 2018. Unlike the EU Directive, the GDPR creates one set of rules to be implemented uniformly across the EU, with no room for interpretation or differing implementation by each EU member state.
Why is an EU law important to organisations in South Africa? The GDPR applies to personal data processing in EU member states, as well as to the transborder transfer of such data. It also specifically applies to businesses that are not established in the EU, but that offer goods or services to EU-based individuals (free or paid) and websites or other online services accessed by, or targeting, EU-based individuals, particularly in the country’s local language.
There are severe penalties for non-compliance with the GDPR, including a fine of up to 4% of an organisation’s annual global turnover or EUR20-million (whichever is greater). This may have debilitating consequences for non-compliant organisations in South Africa.
South African companies are therefore urged to take steps to ensure compliance not only with POPI, but also with the GDPR, where applicable, to avoid heavy fines.