The EU’s GDPR and some African data protection laws differ significantly
One of the major differences between the General Data Protection Regulation and SA’s Protection of Personal Information Act is the definition of ‘personal’
Africa has 17 counties in which data protection legislation has been adopted. In addition, the African Union (AU) has adopted the AU Convention on Cyber-security and Personal Data Protection, which is pending ratification by 15 of the 54 AU members. The data protection legislation adopted by countries in Africa share many principles with the EU’s new General Data Protection Regulation (GDPR), but there are some key areas in which they differ. While some jurisdictions require organisations to register with a data protection authority, others may not. Some countries are very prescriptive on cross-border data transfers, while others either have little to no requirements. In SA, a key distinction between the GDPR and the Protection of Personal Information Act (POPIA) is the definition of a person and, by extension, what constitutes personal information. POPIA includes juristic persons, such as companies, in its definition of "personal".
The disparities in data protection legislati...
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Subscribe now to unlock this article.
Support BusinessLIVE’s award-winning journalism for R129 per month (digital access only).
There’s never been a more important time to support independent journalism in SA. Our subscription packages now offer an ad-free experience for readers.
Cancel anytime.
Questions? Email helpdesk@businesslive.co.za or call 0860 52 52 00. Got a subscription voucher? Redeem it now.