Oct 18, 2021

The GDPR And Businesses In South Africa

Trying to understand what GDPR is all about? Simply put, the GDPR is a legal framework that sets guidelines for the collection and processing of personal information from individuals.

The GDPR (General Data Protection Regulation) applies not only to businesses within the EU, but also to businesses outside the EU if such a business offers goods or services to residents of the EU or monitors their behaviour. The GDPR was enforced on the 25th of May 2018 by the EU (European Union) and was drafted to coordinate previous and current legislation in one document. This means that the data privacy rights of every resident of the EU are protected in these regulations. Any law or regulation approved by the EU is generally applicable within the member states of the European Union.

The GDPR also stipulates that if a business processes and holds data of residents of the EU, it will have to comply with the requirements of the GDPR. Firstly, we must emphasise that the GDPR is not South African law and that POPIA (Protection of Personal Information Act, Act 4 of 2013) applies to us. However, certain requirements contained in the GDPR will affect South African business owners who fall within the exceptions.

This means that South African businesses which participate in business within any EU state or have a partnership with an EU business will fall within the scope of the GDPR. Businesses in South Africa that have a presence in the EU will therefore need to be alert to the new requirements under the GDPR to ensure that they conduct their businesses in a data protection compliant manner. A matter of concern is the enforcement date, which was the 25th of May 2018. If it seems that a business is not compliant with the GDPR, such a business can be reported to a Data Protection Authority in an EU country. Such an Authority can conduct an investigation and, if it finds that the business is not compliant, will direct the business to become compliant. Failure to become compliant can result in a fine of up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Like POPIA, the GDPR’s goal is to safeguard against any privacy and data breaches in a new worldwide setting where business has become interwoven with technology and where most of the data is transmitted electronically. Although it is still the primary objective for South African businesses to be compliant with POPIA, they do have a responsibility not to neglect the GDPR, especially if they fall within the above-mentioned exceptions and considering that the EU is one of South Africa’s biggest trade partners.

Fortunately for South African businesses, the GDPR and POPIA legislation are fairly similar in their application. This means that if a business is already compliant with POPIA, it will only have to make certain adjustments to ensure that it is compliant with the GDPR.

Contact your SEESA Consumer Protection & POPI Legal Advisor to assist your business with any POPIA related queries you might have. Alternatively, SMS the word “SEESA” to 45776 for an expert legal advisor to contact you.

About the Author:

Altus de Wet is a SEESA Consumer Protection & POPI Legal Advisor at SEESA’s Bloemfontein branch.
