Does GDPR apply to you?

June 2018 Security Services & Risk Management

As the GDPR is the golden standard for data protection legislation globally, PoPIA compliance may not be enough, depending on your data handling commitments as an organisation. Two main groups will be affected by GDPR: ‘controllers’ of data, and ‘processors’ of data.

Controllers of data are those who state how and why personal data is processed. These include online businesses, charities and even the government – basically any entity that collects any element of personal data. Processors of data are those entities who actually process the data, such as IT companies. According to the GDPR legislation, even if controllers and processors are not based in the European Union, GDPR compliance is still mandatory, as the data they are collecting and/or processing belongs to EU residents.

So, how do you know that this means you? If you answer yes to any of the following questions, you must comply with the GDPR:

1. Is your business established in the European Union? This includes having an agent operating within the European Union.

2. Do you offer goods and services to people in the European Union? This legislation includes online retailers. For instance, if your e-commerce site contains pricing in Euros, or redirects from .eu to .co.za websites, this counts as offering goods and services in EU.

3. Do you monitor the behaviour of people in the European Union? These individuals do not necessarily have to be EU citizens, it applies to any and all residents of the EU.

4. Is your organisation a processor for a controller who must comply with the GDPR? It is the onus of the controller to ensure that their data processor adheres to regulations, whilst processors themselves must ensure that they comply to the legislation that determines how they record their processing activity. If a processor is involved in any sort of data breach, they will be liable under GDPR legislation.

5. Does your organisation have a processor within the EU? If you responded yes to any – or all – of these questions, compliance to the GDPR is mandatory for your business.

According to Ross Saunders, the director of global technology services at Cura Software Solutions, failure to comply comes at a hefty price. “The fines issued for non-compliance will be enforced by local regulatory bodies. These potential fines are divided into two levels. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher.

“The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever amount is higher. The potential fines are considerable and more than enough incentive for companies to ensure compliance with the regulation.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Communication in any situation
Issue 8 2020, Elvey Security Technologies , Global Communications , Security Services & Risk Management
Global Communications offers an industry-first with five-year warranty on select Kenwood two-way radios.

Read more...
The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Read more...
mySOS targets neighbourhood safety
Issue 2 2021 , Security Services & Risk Management
Beyond protection for valuables and premises, people are also looking to ensure their personal safety and that of their loved ones as they move around and within community areas.

Read more...
Staying safe with tap-and-go
Issue 2 2021 , Security Services & Risk Management
When it comes to tap-and-go functionality, security does not fall within the ambit of only one particular link in the value chain; banks, retailers and users have a part to play in safeguarding these devices and transactions.

Read more...
Personal safety at your fingertips
Issue 2 2021, Otto Wireless Solutions , Security Services & Risk Management
The PB7GSM personal tracker is a small, powerful, personal tracking system that enables users to immediately alert up to three pre-selected cellphone numbers in any emergency.

Read more...
A new era of digital buildings
Issue 2 2021 , Security Services & Risk Management
The impact of the COVID-19 pandemic has accelerated the need for digitally integrated buildings, as organisations have had to implement strategies to adjust to new ways of working to improve efficiencies, reduce costs, mitigate security risks and implement health and safety measures.

Read more...
Free technology to boost future careers
Issue 2 2021 , Cyber Security, Security Services & Risk Management
A global shortage of cybersecurity professionals has become so severe that companies are increasingly at risk from hacking and industrial espionage.

Read more...
PoPIA: How the ‘Operator’ must use personal information
Issue 2 2021 , Security Services & Risk Management
While much focus has been placed on the roles and responsibilities that must be fulfilled to meet the standards of the Protection of Personal Information Act (PoPIA), the role of the Operator must also be highlighted.

Read more...
Banking on radio
Issue 2 2021, Global Communications , Security Services & Risk Management
Communicating between built-up and remote areas is often not possible using cellular technology since signals may be poor or non-existent. This is where two-way radios come to the fore.

Read more...
Dealing with farm attacks
Issue 2 2021, Technews Publishing , Editor's Choice, Integrated Solutions, Security Services & Risk Management, Agriculture (Industry)
Brutal farm attacks are unfortunately a common event in South Africa. Laurence Palmer suggests a proactive, community-based approach as the optimal way to prevent these heinous crimes from happening in the first place.

Read more...