Does GDPR apply to you?

June 2018 Security Services & Risk Management

As the GDPR is the golden standard for data protection legislation globally, PoPIA compliance may not be enough, depending on your data handling commitments as an organisation. Two main groups will be affected by GDPR: ‘controllers’ of data, and ‘processors’ of data.

Controllers of data are those who state how and why personal data is processed. These include online businesses, charities and even the government – basically any entity that collects any element of personal data. Processors of data are those entities who actually process the data, such as IT companies. According to the GDPR legislation, even if controllers and processors are not based in the European Union, GDPR compliance is still mandatory, as the data they are collecting and/or processing belongs to EU residents.

So, how do you know that this means you? If you answer yes to any of the following questions, you must comply with the GDPR:

1. Is your business established in the European Union? This includes having an agent operating within the European Union.

2. Do you offer goods and services to people in the European Union? This legislation includes online retailers. For instance, if your e-commerce site contains pricing in Euros, or redirects from .eu to .co.za websites, this counts as offering goods and services in EU.

3. Do you monitor the behaviour of people in the European Union? These individuals do not necessarily have to be EU citizens, it applies to any and all residents of the EU.

4. Is your organisation a processor for a controller who must comply with the GDPR? It is the onus of the controller to ensure that their data processor adheres to regulations, whilst processors themselves must ensure that they comply to the legislation that determines how they record their processing activity. If a processor is involved in any sort of data breach, they will be liable under GDPR legislation.

5. Does your organisation have a processor within the EU? If you responded yes to any – or all – of these questions, compliance to the GDPR is mandatory for your business.

According to Ross Saunders, the director of global technology services at Cura Software Solutions, failure to comply comes at a hefty price. “The fines issued for non-compliance will be enforced by local regulatory bodies. These potential fines are divided into two levels. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.

“The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever amount is higher. The potential fines are considerable and more than enough incentive for companies to ensure compliance with the regulation.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The benefit of thermal screening
Issue 4 2020, Technews Publishing, Sensor Security Systems , Security Services & Risk Management
How preventive screening with thermal cameras can help in the fight against COVID-19.

Read more...
Resilience is critical for post-COVID business success
Issue 4 2020, ContinuitySA , Security Services & Risk Management
Of the many lessons we have to learn from the current emergency, perhaps the most crucial one is to ensure that business strategy and operations are founded on resilience.

Read more...
Post-Coronavirus communications: kick start your small business
Issue 4 2020 , Security Services & Risk Management
In these uncertain times, how should small companies and startups in the business-to-business domain recommence their selling and communication processes?

Read more...
The dashboard of the future
Issue 4 2020 , Security Services & Risk Management
Web-based Electronic Signature Dashboard offers quick access to eSignatures within the necessary legal parameters and incorporating advanced security.

Read more...
The end of blind alarms
Issue 3 2020 , Security Services & Risk Management, Perimeter Security, Alarms & Intruder Detection
Today’s alarms should be supplemented by visual verification to ensure that guards are not dispatched to false alarms, wasting time and money.

Read more...
Is cash crime on lockdown this Easter?
Issue 3 2020 , Security Services & Risk Management
While Easter is generally a peak trading season for retailers, this has also always been one of the busiest times of the year for criminal activity – particularly at a retail level, as cash volumes rise ...

Read more...
Coronavirus scams abound
Issue 3 2020, Duxbury Networking , Security Services & Risk Management
Disturbingly, hackers are active even during times of global disaster, as evidenced in the various cyber-scams doing the rounds in the recent weeks.

Read more...
Now is the time to look for those hidden opportunities
Issue 3 2020 , Security Services & Risk Management
Now is the time to showcase your capabilities, to ensure that once the market turns, existing and potential clients know exactly what value you can offer.

Read more...
The COVID-19 lessons business must learn
Issue 3 2020, ContinuitySA , Security Services & Risk Management
Although the crisis is still unfolding, it’s already clear that building resilience into your organisational DNA is more important than ever.

Read more...
All employees do it
Issue 3 2020 , Security Services & Risk Management
SearchInform analytics has summed up the most frequent security incidents detected in client companies.

Read more...