The new data protection regulation from the European Union is serious – even if it doesn’t impact a business directly.
After a prolonged grace period of two years, the General Data Protection Regulation (GDPR), a wide-reaching new piece of European legislation, is coming into full force. Though this law may seem a world away from South Africa, organisations in today’s global and connected environment should pay close attention to it – both for the sake of their business abroad and their legal stature in South Africa.
Daniel Lötter, Head: Bids and Tenders at managed service provider Itec Southern Africa, explained more:
“If you handle any information of an EU citizen or you have an EU citizen on your board, or anything like that, then you have to be GDPR compliant. If you want to do business with European resident countries, from a supplier or a vendor point of view, you also have to be compliant.”
The direct consequence of GDPR is serious, including fines of up to 4 percent annual global turnover or a flat €20 million – whichever is more. Even if local companies are not in the firing line, GDPR could severely impact their relationships with European companies:
“Compliance is very serious. GDPR has been in a honeymoon period since 2016 and that has come to an end. It brings some very stiff penalties along with it and European regulators will want to show it has teeth. Once one or more companies receive fines, many will follow the rules. That means anyone part of their value chain who isn’t compliant will at the least be cut off. So even if the prospect of direct fines and penalties can be low for South African companies, the knock-on effects will still make this felt. You have to find out how exposed you are.”
GDPR is more than just a law. It is being treated as an example of the shifting regulatory environment around data usage. As revealed by the recent problems at Facebook, not to mention countless data breaches of companies around the world, data management, ownership and control are becoming hot topics and won’t go away. So governments and societies are responding to protect this resource, as well as the sources that provide the data.
South Africa has its own data-centric legislation, the Protection of Personal Information (PoPI) act. GDPR’s arrival is a sign that local organisations must look closely at their compliance.
“The similarities between GDPR and PoPI are huge,” said Lötter. “There are some small and crucial differences around transactional data, but otherwise they are very similar. Even if a local business doesn’t require GDPR compliance, chances are much greater that they need to be in step with PoPI. In that light, GDPR is an opportunity for local businesses to reflect on their PoPI status and start making the right changes.”
GDPR and PoPI compliance impact many different parts of a company. But a prime component is data security, which is why Itec is launching a new security solution to help local companies of all sizes:
“We have launched a partnership with First Distribution to bring the Veritas security solution to our customers. This will create a security service with different tiers for various types of organisations. The solution is actually geared towards PoPI compliance. So this will help focus on customer information, which lies core to both GDPR and PoPI requirements.”
NOTE TO THE EDITOR
Itec Group South Africa
Itec is southern Africa’s fastest growing office automation, production printing and tele- communications solutions provider– with annual revenue of nearly two billion rand. Through its 47 southern African branches and an international footprint that includes the United Kingdom, the company implements total office solutions based on imported, industry-leading, and award-winning products.
Itec serves medium-sized and large businesses in sectors as diverse as financial services and retail –supporting its innovative solutions with proactive service delivery. Some of its 18 000 customers include Value Logistics, Implats, Department of Housing, Business Connexion, ADT, Rand Refinery, First National Bank, Anglogold Ashanti, National Health Laboratory Services and Advtech.
Itec management rebranded the company in 2004 following a merger of the separate copier, printer, and fax business units initially established in 1987.
https://itecgroup.co.za/wp-content/uploads/2018/07/Gdpr.jpg8001200Itechttps://itecgroup.co.za/wp-content/uploads/2018/02/itec-logo.pngItec2018-07-02 13:25:112018-07-02 14:45:00GDPR IS HERE, BUT SHOULD YOU CARE?