https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / Other Briefs RSS ← Back
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

GDPR applicability to South African businesses – not just for the EU after all!

Close

Embed Video

GDPR applicability to South African businesses – not just for the EU after all!

GDPR applicability to South African businesses – not just for the EU after all!

28th June 2018

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

Businesses operating in South Africa are currently facing the imminent implementation of the Protection of Personal Information Act 4 of 2013 (POPI); however there is much debate as to whether businesses need to also comply with the EU’s counterpart to POPI, the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.

GDPR is clearly not South African law but it governs the manner in which businesses collect, process and store personal data that could lead to the identification of an individual who is resident in the EU or is a citizen of any member country of the EU, including the UK, regardless of his/her country of residence at any given time. Such individuals have the right to know how, what, when, where and why their personal data is being processed.

Advertisement

Accordingly, GDPR will apply to businesses in South Africa that:

  • Process or control personal data of a citizen or temporary resident of an EU member state;
  • Have employees based in an EU member state;
  • Employ EU expatriates in South Africa;
  • Partner with an EU business that processes personal data of those individuals who are afforded protection; or
  • Process personal data pertaining to an EU citizen such as monitoring user’s behaviour via their website through the use of cookies.

Should a business process or control personal data in any of the above circumstances, the business must take steps to ensure compliance with GDPR, by:

Advertisement
  • Conducting a comprehensive due diligence of its business in order to ascertain how, why, where, when and what personal data of individuals is processed;
  • Develop a strategic plan as to the measures to be taken to ensure compliance;
  • Update its current website terms and conditions and privacy policy;

Draft a GDPR policy

If GDPR is applicable to a business, one must determine whether a Data Protection Officer (DPO) needs to be appointed within the organisation. GDPR provides that if GDPR is applicable to the business, it may be compulsory for the business to appoint a DPO if (i) the processing is carried out by a public authority; (ii) the business’s core operations include the processing of data through mass systematic and regular processing; or (iii) it processes sensitive data of a data subject on a large scale.

Aside from the high non-compliance penalties (€20 million or a fine up to 4% of the business’s global revenues (whichever is the greater)), the main reason South African businesses need to comply with GDPR is because the EU is one of South Africa’s largest trading partners and EU businesses are unable to trade with South African businesses unless they comply with the requirements of GDPR.

With globalisation and the ease of cross border transactions, it is essential that South African businesses constantly ensure that they have a global view on data protection in order to ensure compliance and avoid penalties.

Written by Anola Naidoo, Attorney, KISCH IP

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options
Free daily email newsletter Register Now