Does GDPR apply to you?

June 2018 Security Services & Risk Management

As the GDPR is the golden standard for data protection legislation globally, PoPIA compliance may not be enough, depending on your data handling commitments as an organisation. Two main groups will be affected by GDPR: ‘controllers’ of data, and ‘processors’ of data.

Controllers of data are those who state how and why personal data is processed. These include online businesses, charities and even the government – basically any entity that collects any element of personal data. Processors of data are those entities who actually process the data, such as IT companies. According to the GDPR legislation, even if controllers and processors are not based in the European Union, GDPR compliance is still mandatory, as the data they are collecting and/or processing belongs to EU residents.

So, how do you know that this means you? If you answer yes to any of the following questions, you must comply with the GDPR:

1. Is your business established in the European Union? This includes having an agent operating within the European Union.

2. Do you offer goods and services to people in the European Union? This legislation includes online retailers. For instance, if your e-commerce site contains pricing in Euros, or redirects from .eu to .co.za websites, this counts as offering goods and services in EU.

3. Do you monitor the behaviour of people in the European Union? These individuals do not necessarily have to be EU citizens, it applies to any and all residents of the EU.

4. Is your organisation a processor for a controller who must comply with the GDPR? It is the onus of the controller to ensure that their data processor adheres to regulations, whilst processors themselves must ensure that they comply to the legislation that determines how they record their processing activity. If a processor is involved in any sort of data breach, they will be liable under GDPR legislation.

5. Does your organisation have a processor within the EU? If you responded yes to any – or all – of these questions, compliance to the GDPR is mandatory for your business.

According to Ross Saunders, the director of global technology services at Cura Software Solutions, failure to comply comes at a hefty price. “The fines issued for non-compliance will be enforced by local regulatory bodies. These potential fines are divided into two levels. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.

“The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever amount is higher. The potential fines are considerable and more than enough incentive for companies to ensure compliance with the regulation.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
SA company develops world-first safe K9 training for drug detection
Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
Understanding South Africa’s Cybercrimes Act
Information Security Security Services & Risk Management
The Cybercrimes Act No.19 of 2020 is a comprehensive legislative response to the evolving landscape of cyberthreats in South Africa. Its effectiveness, however, relies on enforcement, which relies on implementation, international cooperation, and collaboration between the public and private sectors.

Read more...
Partnership addresses fire hazard mitigation
Brigit Fire (a Division of Hudaco Trading) Elvey Security Technologies Fire & Safety Security Services & Risk Management
Brigit Fire has partnered with the Elvey Group. The collaboration will see Brigit Fire distributing both the advanced C-TEC addressable fire detection systems (CAST Technology) and GreenMist lithium extinguishers.

Read more...
Fire protection for a solvent extraction plant in Africa
FS Systems Fire & Safety Security Services & Risk Management Mining (Industry)
A prominent mining site operates a state-of-the-art solvent extraction (SX) plant, integral to separating and purifying metals from ores, which pose significant fire risks, as SX processes involve highly flammable organic solvents and elevated operating temperatures.

Read more...
Taking fire safety seriously
G2 Fire Editor's Choice Fire & Safety Security Services & Risk Management
To gain insights into how fire systems must be designed, installed and maintained, SMART Security Solutions asked Nichola Allan, MD of G2 Fire, for some insights into the local fire market.

Read more...
New data privacy trends increase large cyber claims
Security Services & Risk Management News & Events
Frequency and value of sizeable cyber insurance claims up 14% and 17% year-on-year in the first half of 2024, with a growing trend in the US for litigation against large corporations related to privacy violations.

Read more...
Streamlining and securing enterprise risk management
Security Services & Risk Management
[Sponsored] A new enterprise risk management web app from Zulu Consulting, called Risk-IO, is designed to automate and streamline the enterprise risk management process, ensuring no steps are skipped and everything is securely documented.

Read more...
Professional Firearms Trainers Council slams SASSETA’s skills programme
News & Events Security Services & Risk Management
The Professional Firearms Trainers Council (PFTC), the body responsible for private sector firearms training accreditation, has raised concerns with the Minister of Higher Education regarding a new skills programme proposed by SASSETA, which could put 42 000 jobs at risk.

Read more...
Data protection investments grow
Infrastructure Security Services & Risk Management
Senior IT professionals in small to large-sized businesses are allocating a significant portion of their IT budget to data protection and recovery, according to a recent survey from Arcserve.

Read more...