POPI vs GDPR – IT’S COMPLICATED!
Your business and international clients
– Carmi Martinson
Protection of Personal Information Act (“POPI”)
South Africans across all industries have been holding their breath since the Protection of Personal Information Act (“POPI”) was published on 26 November 2013. Businesses in South Africa are facing the imminence of POPI, which will come into effect in its entirety on a date that is still to be determined. POPI’s objectives are to regulate the processing of personal information and data protection in an effort to align South African data protection laws with international standards.
In the meantime, other data protection legislation came to the party and although it is not South African law, South African businesses dealing with the European Union (“EU”) will have to comply as well.
EU – GENERAL DATA PROTECTION REGULATIONS (“GDPR”) WILL AFFECT SA BUSINESSES
The EU GDPR is a new privacy and data protection law which was adopted in Europe in April 2016. The GDPR became effective on 25 May 2017, with a one-year grace period for companies to bring their privacy regulations in line with the regulations of the GDPR. It will be enforceable from 25 May 2018.
It is important for companies conducting business in the European Union (“EU”) to understand exactly how they will be affected. Any company processing the personal data of EU residents in connection with offering goods or services, or that monitors the behaviour of those residents, will have to comply with GDPR.
The key requirements of the GDPR can be simplified and summarised as follows: Companies have a responsibility to process personal data lawfully, fairly and in a transparent manner, as well as ensure that the personal data kept is accurate and up to date. The data may only be retained as long as it is necessary for a company to achieve the purpose for which the personal data was collected.
The GDPR aims to safeguard against any privacy and data breaches in a new global environment where business has become intertwined with technology and where most of the data is electronically transmitted.
GDPR SOUNDS A LOT LIKE POPI, SO WHY SHOULD WE BE CONCERNED?
The main concern is that South African companies conducting business with European companies will be seen as high risk from a personal information protection perspective, if compliance with GDPR is lacking.
The GDPR forces businesses to adopt a risk-based approach to the way in which personal information is processed and sets out severe consequences for non-compliance.
THE GDPR POPI DEBATE – SAME PRODUCT DIFFERENT FLAVOURS?
Similarities
The conditions and principles are the same in many ways, save for the definitions and naming conventions. Both require compliance in the processing of personal data, require the Regulator to be notified of a privacy breach, and regulate which data can be sent cross-border.
In essence, if your company complies with GDPR, it will comply with POPI.
Differences
Some of the significant differences are the security regulations, for example:
GDPR: “The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security and appropriate to risks represented by the processing and the nature of the personal data to be protected.”
POPI: “A responsible party must secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures.”
The most significant difference is the penalty for a breach under the GDPR, which can be a fine of up to four percent of annual global turnover or €20 million, whichever is greater. These penalties have a potentially debilitating consequence for South African companies.
FAILING TO PREPARE IS PREPARING TO FAIL
In order to ensure that your business is GDPR and POPI compliant, a comprehensive due diligence of the business and the manner in which personal data is processed should be conducted. This will ensure that appropriate retention policies and security measures can be put in place in order to safeguard against unauthorised access, loss, damage, modification and destruction of data.
Our office can assist your business with the necessary policies and compliance with GDPR and POPI.
Life is complicated enough – compliance does not need to be.
This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice.