Does GDPR apply to you?

June 2018 Security Services & Risk Management

As the GDPR is the golden standard for data protection legislation globally, PoPIA compliance may not be enough, depending on your data handling commitments as an organisation. Two main groups will be affected by GDPR: ‘controllers’ of data, and ‘processors’ of data.

Controllers of data are those who state how and why personal data is processed. These include online businesses, charities and even the government – basically any entity that collects any element of personal data. Processors of data are those entities who actually process the data, such as IT companies. According to the GDPR legislation, even if controllers and processors are not based in the European Union, GDPR compliance is still mandatory, as the data they are collecting and/or processing belongs to EU residents.

So, how do you know that this means you? If you answer yes to any of the following questions, you must comply with the GDPR:

1. Is your business established in the European Union? This includes having an agent operating within the European Union.

2. Do you offer goods and services to people in the European Union? This legislation includes online retailers. For instance, if your e-commerce site contains pricing in Euros, or redirects from .eu to .co.za websites, this counts as offering goods and services in EU.

3. Do you monitor the behaviour of people in the European Union? These individuals do not necessarily have to be EU citizens, it applies to any and all residents of the EU.

4. Is your organisation a processor for a controller who must comply with the GDPR? It is the onus of the controller to ensure that their data processor adheres to regulations, whilst processors themselves must ensure that they comply to the legislation that determines how they record their processing activity. If a processor is involved in any sort of data breach, they will be liable under GDPR legislation.

5. Does your organisation have a processor within the EU? If you responded yes to any – or all – of these questions, compliance to the GDPR is mandatory for your business.

According to Ross Saunders, the director of global technology services at Cura Software Solutions, failure to comply comes at a hefty price. “The fines issued for non-compliance will be enforced by local regulatory bodies. These potential fines are divided into two levels. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.

“The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever amount is higher. The potential fines are considerable and more than enough incentive for companies to ensure compliance with the regulation.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

Read more...
A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Read more...
Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Read more...
Integrate digital solutions to reduce carbon footprint
Facilities & Building Management Security Services & Risk Management
As increasing emphasis is placed on the global drive towards net zero carbon emissions, virtually every industry is being challenged to lower its carbon footprint and adopt sustainable practices.

Read more...
Visualise and mitigate cyber risks
Security Services & Risk Management
SecurityHQ announced its risk and incident management capabilities for the SHQ response platform. The SHQ Response Platform acts as the emergency room, and the risk centre provides the wellness hub for all cyber security monitoring and actions.

Read more...
Eighty percent of fraud fighters expect to deploy GenAI by 2025
Security Services & Risk Management
A global survey of anti-fraud pros by the ACFE and SAS reveals incredible GenAI enthusiasm, according to the latest anti-fraud tech study by the Association of Certified Fraud Examiners (ACFE) and SAS, but past benchmarking studies suggest a more challenging reality.

Read more...
Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.

Read more...