GDPR and SA businesses

Johannesburg, 22 Aug 2018
Read time 2min 00sec

On 25 May this year, a new piece of legislation, called the General Data Protection Regulation (GDPR), came into effect in the EU and could have major consequences for non-compliant businesses, not only in Europe, but in South Africa, too.

The GDPR aims to give control over personal data and privacy back to EU citizens.

However, South African businesses that process personal information of EU citizens must also comply with GDPR regulations, says Max Blecher, managing director of Virtual Alliance, who will be a panellist at GDPR Update 2018, to be held from 6 to 9 November, at The Forum, in Bryanston.

Major changes

ITWeb GDPR Update 2018

Book your seat today to attend the inaugural ITWeb GDPR Update 2018 in Johannesburg, on 7 November. Experts from across SA businesses will be presenting in mini-workshop format during the one-day, multi-speaker conference. Also on offer is a half-day workshop, presented by Peter Hill, IT Governance Network, and a two-day training course, covering GDPR compliancy: dataflow management with regards to an integrated IT solution. To find out more, go to: http://v2.itweb.co.za/event/itweb/gdpr-update-2018/

Speaking of how the GDPR will affect South African businesses, Blecher says local organisations will need to make major changes.

"The changes that are required for GDPR cover the whole business. This includes strategy, for example designing security and privacy into organisational systems and processes; changes to policies; implementation of contractual amendments, with customers and data processors, and suchlike."

In terms of technology, he says businesses will need to look at increased information security, reduced information storage, tighter access controls and areas such as the retention of access logs. For processes, they will need to examine data processing impact assessments (DPIA), as well as look to change processes to conform with privacy requirements, such as limiting access to information, explains Blecher.

Organisations will need to look at their people, too, and consider things such as training and human change management, for example not copying, printing and sending personal information. They might also consider appointing a data protection officer (DPO), he adds.

Pros, cons

Speaking about the downsides of the GDPR, Blecher cites cost of compliance, the significant financial and reputational risks associated with non-compliance, and the impact of organisational change. "The upside of GDPR, however, is that all efforts expended on GDPR will place organisations in very good stead for POPIA compliance."

Delegates attending the event will gain a deeper understanding of the regulations and what needs to be done to become GDPR compliant. They will also hear about the practical experiences of organisations that are already implementing GDPR programmes.