Does your Business Require GDPR Compliance?

Is the General Data Protection Regulation (GDPR) compliance, scheduled in effect this month, necessary to implement in your organisation? The answer will most likely depend on your business localisation, and data handling and commitments.

Firstly, enterprises should understand that GDPR is now enforced as the EU and global standard for data protection legislation, with important ramifications and consequences for multi-nationals and organisations trading in the global marketplace – specifically with the popularity of cloud environments hosting data beyond borders.

In South Africa, the current Protection of Personal Information (POPI) compliance may not be enough to address personal data safety under the new global regulations.

Put simply, GDPR will affect organisations that are data controllers and data processors.

Any organisation that collects personal data has to abide by the GDPR regulatory framework, which comes into effect on May 25, 2018. This category includes all organisations and digital businesses engaged in such data collection. Yes, even governments.

Enterprises who manipulate, process, and analyse data are considered data processors, and they too are subjected to the GDPR legislation.

GDPR compliance is mandatory for your business in the following scenarios:

  • If your business is established or has an agent representative in the European Union
  • If your business provides its products and services to EU customers, including via e-commerce or sites indicating an European store or EUR pricing
  • If your business is not based in the EU, BUT the data collection and processing belongs to EU residents
  • If your business uses a data processing facility located in the EU
  • If your business processes information for an organisation that collects data, which must be GDPR compliant

Ultimately, an organisation that finds itself in the situations above has to ensure that their data collection or processing adheres to the GDPR regulations. The same applies for partner vendors or suppliers, which are liable for data breaches under the new legislation.