How will GDPR affect SA businesses?
The new framework for data protection, the General Data Protection Regulation, or GDPR, is here, but what does it mean for local businesses and individuals, and how should they prepare for it?
The GDPR has a broad territorial reach, which can have as great an impact on SA-based businesses as if they were located in the EU, says Dr Peter Tobin, CEO of Peter Tobin Consultancy, who will be presenting on 'European Data Protection Board (EDPB) update: implications for South African business', at GDPR Update 2018, to be held from 6 to 9 November, at The Forum, in Bryanston.
According to him, the need for compliance with the GDPR exists whenever the personal data of EU residents is processed, which could have an impact on any organisation offering goods and services in the EU, even if no contractual arrangement results.
Speaking of the changes that SA businesses will need to make, Tobin says the first key change will be to complete an impact assessment to identify whether the activities of an SA-based business are impacted by the need to comply with the GDPR.
"Where that is the case, a detailed risk assessment or gap analysis will need to be completed and, based on the risk appetite and tolerance of the organisation, appropriate risk responses will need to be implemented."
He says there are several downsides of the GDPR too. "First there's the obvious potential for fines and other penalties being imposed by the supervisory authorities, either directly in the EU or through the relationship with national authorities outside the EU."
Second and perhaps more important, he says, is the negative impact where non-compliance might result in loss of reputation and the consequences thereof, such as customers choosing to walk away. "Of course another downside of the GDPR is the cost of achieving compliance."
During his talk, Tobin will discuss the role of the European Data Protection Board, and the key takeaway for delegates will be an understanding of the priorities in the evolution of the GDPR.
They will also learn about the GDPR's role in giving general guidance to clarify the terms of European data protection laws, to ensure stakeholders have a consistent interpretation of their rights and obligations.