Is your organisation ready for POPI and the GDPR?
POPI is largely based on the European Union Data Protection Directive (“EU Directive”) and also has a Commonwealth influence. While many South African businesses are already putting systems in place to ensure compliance with POPI, they should also consider whether they must comply with the General Data Protection Regulation (“GDPR”), which is set to replace the EU Directive on 25 May 2018. Unlike the EU Directive, the GDPR creates one set of rules to be implemented uniformly across the EU, with no room for interpretation or differing implementation by each EU member state.
Why is an EU law important to organisations in South Africa? The GDPR applies to personal data processing in EU member states, as well as to the transborder transfer of such data. It also specifically applies to businesses that are not established in the EU but that offer goods or services (free or paid) to EU-based individuals, and to websites or other online services accessed by, or targeting, EU-based individuals, particularly in the country’s local language.
There are severe penalties for non-compliance with the GDPR, including a fine of up to 4% of an organisation’s annual global turnover or EUR20-million (whichever is greater). This may have debilitating consequences for non-compliant organisations in South Africa.
South African companies are therefore urged to take steps to ensure compliance not only with POPI, but also with the GDPR, where applicable, to avoid heavy fines.