GDPR and SA businesses
On 25 May this year, a new piece of legislation, called the General Data Protection Regulation (GDPR), came into effect in the EU and could have major consequences for non-compliant businesses, not only in Europe, but in South Africa, too.
The GDPR aims to give control over personal data and privacy back to EU citizens.
However, South African businesses that process personal information of EU citizens must also comply with GDPR regulations, says Max Blecher, managing director of Virtual Alliance, who will be a panellist at GDPR Update 2018, to be held from 6 to 9 November, at The Forum, in Bryanston.
Speaking of how the GDPR will affect South African businesses, Blecher says local organisations will need to make major changes.
"The changes that are required for GDPR cover the whole business. This includes strategy, for example designing security and privacy into organisational systems and processes; changes to policies; implementation of contractual amendments, with customers and data processors, and suchlike."
In terms of technology, he says businesses will need to look at increased information security, reduced information storage, tighter access controls and areas such as the retention of access logs. For processes, they will need to examine data processing impact assessments (DPIA), as well as look to change processes to conform with privacy requirements, such as limiting access to information, explains Blecher.
Organisations will need to look at their people, too, and consider things such as training and human change management, for example, not copying, printing or sending personal information. They might also consider appointing a data protection officer (DPO), he adds.
Speaking about the downsides of the GDPR, Blecher cites cost of compliance, the significant financial and reputational risks associated with non-compliance, and the impact of organisational change. "The upside of GDPR, however, is that all efforts expended on GDPR will place organisations in very good stead for POPIA compliance."
Delegates attending the event will gain a deeper understanding of the regulations and what needs to be done to become GDPR compliant. They will also hear about the practical experiences of organisations that are already implementing GDPR programmes.