How will the GDPR affect South African businesses?
In today's information economy we see unprecedented amounts of big data, and organisations profiting off our personal information.
Companies like Google and Facebook offer 'free' services that are entertaining and convenient - individuals give these organisations ongoing rights to their data in exchange for using those services, and thus their data becomes the product.
This means the need for transparency and accountability has become crucial, particularly in light of the slew of data breaches we have seen over the past few years, in which millions of customers have had their personal data exposed.
This year, on 25 May, Europe's General Data Protection Regulation (GDPR) came into effect, bringing new rules for how companies manage and share personal data. How will SA businesses be affected?
Protection for citizens
David Luyt, an associate at Michalsons, says the GDPR is a legal framework that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. "It covers all companies that deal with the data of EU citizens, specifically banks, insurance companies, and other financial companies."
He says SA businesses will be affected by the GDPR for several reasons. "One of SA's largest trading partners is the EU, and the GDPR applies to anyone who processes the personal data of EU residents, which includes many South African companies."
Next, he says, there are international standards and guidelines to consider. "Our local data protection law (POPIA), when it comes into effect, will oblige the Information Regulator, our equivalent of a supervisory authority, to regulate the processing of personal information in harmony with international standards, and to consider developing general international guidelines. Both of these would certainly include the GDPR and any foreign guidance produced by European supervisory authorities."
The gold standard
Moreover, he says the GDPR is the 'gold standard' of data protection law and will help SA interpret POPIA when it comes into effect.
Luyt will be presenting on 'Meeting the GDPR's privacy and security requirements' at ITWeb's GDPR Update 2018, to be held on 7 November at The Forum in Bryanston.
During his presentation, delegates will get an introduction to the art and science of information security law compliance, and will learn about the main rules, codes and standards that form the body of information security law. In addition, attendees will learn how to comply with information security law in their organisation at a high level.
Luyt will also expand delegates' understanding of what they think of as information security measures.