What is the GDPR and how will it affect South Africans?

19 Jun

If you run a business that collects and processes information of individuals, it’s time to pay attention. The EU has already implemented the GDPR regulation and it affects you! Before you can understand how it affects you (and protects you for that matter), you might want to know what it is.


GDPR stands for General Data Protection Regulation and it is a legal framework that was designed to set certain rules in place for the collection and processing of sensitive personal data. These processes and regulations are meant to protect the rights of individuals.

If it’s determined that you aren’t processing data according to the GDPR, you might get away with it, but if you get caught, chances are that you will be faced with a hefty fine and public disgrace. This will lead to lack of public trust and that means less business for you as clients might feel safer taking their business elsewhere.

Companies that process, collect, store, use and destroy data must now do it in a certain way so that there is no chance of the information being intercepted and falling into the wrong hands.

According to the GDPR Facebook page, the new regulations are designed to impose a wide scope that incorporates more prescriptive standards and attaches fines that companies absolutely have to take seriously. This means that the GDPR requires those handling data to be more careful with how it’s handled. Similarly, the terms and conditions attached are far more in-depth. It makes it more difficult for a person to skim through a contract or terms and just look for the “accept” button.

Does the GDPR Affect South African Businesses?

The GDPR does affect any South African entity that does business with the EU and citizens. Any data collected, processed and stored that relates to EU citizens, must be handled according to the GDPR. With the EU being one of South Africa’s biggest trade partners, every business will eventually be affected by the GDPR.

South Africans are currently focussed on POPI (the Protection of Personal Information Act 4 of 2013). Interestingly, POPI is designed to have the very same aim as the GDPR in that it ensures that South African data protection laws are in line with international laws and regulations.

How can you Prepare your Business and yourself?

The first step to preparing yourself and your business is to ensure that you are familiar with the GDPR. Identify where you and your business are not compliant and start making changes. Being compliant with GDPR will make doing business with EU companies and individuals easier too.

Now you have a better understanding of the GDPR, make sure that you only trade with businesses who are willing to take the step towards a safer cyber community in South Africa and actually become compliant themselves.

Comments are closed.