Regulatory update on the global data protection regulation
The General Data Protection Regulation (GDPR) requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. Non-compliance has very serious consequences and has the potential to cost companies dearly. We spoke to John Giles, managing attorney at Michalson's, to find out what this means for South African companies.
ITWeb: What is global data protection regulation?
Giles: It is the sum total of all the different data protection laws that an organisation must comply with. There are both umbrella data protection laws and other laws that include data protection provisions. Many countries have them and compliance with all the ones that apply to your organisation is very difficult. The most important ones are the GDPR and the Privacy and Electronic Communications Regulations (PECR). Many people have heard of the GDPR but not the PECR. Both of these show that the EU's aspiration is to become the data police of the world.
ITWeb: How will it affect businesses in South Africa?
Giles: Most organisations don't think that they have to comply with the GDPR. They are wrong. Most South African organisations must comply and the deadline is 25 May 2018. In my presentation, we'll ask the questions that people must ask to work out whether they must comply. Global data protection laws will have both a direct and indirect practical impact on all organisations in South Africa. Especially the concept of privacy by design and by default will have a huge impact on anything related to data. Compliance by design is also going to be huge.
ITWeb: What top key points would you like to leave the delegates with from your upcoming presentation?
Giles: I would like to leave them with the following: you probably have to comply with the GDPR by 25 May 2018, focus on global law and not local laws, compliance is going to become by design and outcomes based and we're entering a period of rapid technological development.