Does GDPR apply to you?

June 2018 Security Services & Risk Management

As the GDPR is the golden standard for data protection legislation globally, PoPIA compliance may not be enough, depending on your data handling commitments as an organisation. Two main groups will be affected by GDPR: ‘controllers’ of data, and ‘processors’ of data.

Controllers of data are those who state how and why personal data is processed. These include online businesses, charities and even the government – basically any entity that collects any element of personal data. Processors of data are those entities who actually process the data, such as IT companies. According to the GDPR legislation, even if controllers and processors are not based in the European Union, GDPR compliance is still mandatory, as the data they are collecting and/or processing belongs to EU residents.

So, how do you know that this means you? If you answer yes to any of the following questions, you must comply with the GDPR:

1. Is your business established in the European Union? This includes having an agent operating within the European Union.

2. Do you offer goods and services to people in the European Union? This legislation includes online retailers. For instance, if your e-commerce site contains pricing in Euros, or redirects from .eu to .co.za websites, this counts as offering goods and services in EU.

3. Do you monitor the behaviour of people in the European Union? These individuals do not necessarily have to be EU citizens, it applies to any and all residents of the EU.

4. Is your organisation a processor for a controller who must comply with the GDPR? It is the onus of the controller to ensure that their data processor adheres to regulations, whilst processors themselves must ensure that they comply to the legislation that determines how they record their processing activity. If a processor is involved in any sort of data breach, they will be liable under GDPR legislation.

5. Does your organisation have a processor within the EU? If you responded yes to any – or all – of these questions, compliance to the GDPR is mandatory for your business.

According to Ross Saunders, the director of global technology services at Cura Software Solutions, failure to comply comes at a hefty price. “The fines issued for non-compliance will be enforced by local regulatory bodies. These potential fines are divided into two levels. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.

“The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever amount is higher. The potential fines are considerable and more than enough incentive for companies to ensure compliance with the regulation.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Three new portable power stations to ease load shedding
News Security Services & Risk Management Products
EcoFlow has launched three portable power stations that provide sufficient power for consumers wherever they are; the DELTA 2 and RIVER 2 Series are feature-filled power solutions to the volatile electricity supply.

Read more...
You cannot bribe a computer
Access Control & Identity Management Security Services & Risk Management
Corruption is a cancer that destroys the prospects and stability of countries and businesses. It widens wealth gaps and punishes the poor. It costs countries many billions in lost revenue.

Read more...
How much protection does cyber insurance really give businesses?
Cyber Security Security Services & Risk Management
If organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox.

Read more...
Off-grid power solution for residential estate
Editor's Choice Security Services & Risk Management Residential Estate (Industry) Products
Coral Beach Estate, an upmarket residential estate based in East London, has been struggling with load shedding and power outages due to South Africa's energy crisis, as well as the vandalism of its power infrastructure.

Read more...
SafeCity Guarding rolls out across 14 suburbs in Johannesburg
News Security Services & Risk Management
In a major drive to provide communities across Johannesburg with additional safety, Vumacam, in partnership with Fidelity ADT and other security providers across the region, rolled out the innovative SafeCity Guarding initiative in 14 suburbs.

Read more...
FleetDomain underpins Afrirent’s value proposition
Logistics (Industry) Security Services & Risk Management
Afrirent, a 100% female black-owned fleet management company, has been relying on FleetDomain software for a number of years to help it deliver outstanding service to a growing number of clients.

Read more...
Choosing an inferior lithium battery can be detrimental and unsafe
Uniross Batteries Security Services & Risk Management Products
South Africans looking to mitigate the impact of load shedding by installing a solar system for their home must do so through an accredited installer or electrician to avoid insurance claims being rejected.

Read more...
Employee screening, a hiring necessity or an invasion of privacy?
Security Services & Risk Management
There is a fine line between checking a potential employee’s qualifications and references, and investigating aspects of their lives that have nothing to do with their job application.

Read more...
Keeping students, staff and communities safe
Vumacam News CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
South African schools are facing increasing security challenges, making effective surveillance systems more important than ever. To address this issue, Vumacam is offering advanced security solutions with security partners, aimed at keeping students, staff, and the community safe.

Read more...
Technology is key to securing physical and cybersecurity
Education (Industry) Security Services & Risk Management
The interpretation of security in educational institutions depends on whom you are talking to and whether their focus is on the physical security of the institution, its assets and its people, or its information and communication technology perspective.

Read more...