This is why your inbox is suddenly full of notices about privacy policies
- The European Union's General Data Protection Regulations (GDPR) come into force today.
- Organisations are taking no chances, because the penalties are hefty.
- South Africa's own Information Regulator does not exist yet.
The regulations are aimed at personal data protection and privacy for all individuals within the EU – but also address the export of personal data outside the EU. The aim of the legislation is to give citizens more control over their personal data.
The rules also ease things for international businesses in the EU, because data regulations are now uniform across the economic zone.
The regulations force companies to use the highest possible privacy settings by default. Data may not be made public without explicit consent from the user. No personal data may be processed unless it is done under the specifications of the regulations or if the data controller has received explicit, opt-in consent from the owner of the data.
Individuals have the right to revoke their permission at any time.
"1/ It is a bit ironic that GDPR, a regulation to protect our privacy, has resulted in the greatest deluge of spam into my inbox that I can recall" – Fred Wilson (@fredwilson), May 24, 2018
The new regulations come into effect today (25 May) and companies have one month to comply or face penalties of up to €20 million – nearly R300 million – or 4% of their turnover, according to Era Gunning, director of Banking and Finance at ENSAfrica. In terms of the regulations, companies are obliged to conduct data protection impact assessments where data processing is likely to result in high risks for the rights and freedoms of individuals, says Gunning.
Companies must keep evidence or documentation of having done such assessments and mitigate data breach risks. Individuals also have the right to access data accumulated by companies and can ask that their data be transferred to another service provider or company.
South Africa has similar legislation called the Protection of Personal Information (POPI) Act, parts of which came into effect in 2014. It will be enforced by the Information Regulator, a statutory body which is in the process of being created.