What does the GDPR mean for Businesses in South Africa?
Businesses operating in South Africa need to be aware that the GDPR applies in EU member states as well as where data is transferred to or from the EU. This means that businesses operating in South Africa which engage in business with persons in EU member states will fall within the ambit of the GDPR. Notably, the GDPR will apply where businesses in South Africa:
- Process the data of an EU member state citizen or temporary resident
- Have employees based in an EU member state
- Offer goods or services in an EU member state
- Have a partnership with an EU business

Businesses in South Africa that have a presence in the EU will therefore need to be aware of the new requirements under the GDPR in order to continue to conduct their businesses in a data protection compliant manner.
The GDPR, in line with its risk-based approach for organisations to take responsibility for the way in which they process personal information, sets out severe consequences for non-compliance. The penalty for a breach under the GDPR can be a fine of up to 4 percent of an organisation's annual global turnover or €20 million (whichever is greater), which may have debilitating consequences for organisations in South Africa. In startling contrast, POPI’s penalty for non-compliance is a fine of up to ZAR10 million and/or 10 years’ imprisonment.
In compliance with the GDPR and in preparation for POPI, South African organisations which process personal information can take steps to avoid heavy fines. One such step is conducting a comprehensive due diligence of their businesses to determine where and how the personal information of data subjects is processed. This will then help them plan so that appropriate measures are taken to ensure compliance with POPI and the GDPR.
Ensuring that each document that is processed or captured requires “user” authentication, via the company's Active Directory or LDAP, gives your company a full audit trail on all document transactions.
Contact firstname.lastname@example.org to find out how we can assist you to make your Document Capture and Processing GDPR and POPI compliant.