The territorial scope of GDPR — the European Union’s new data privacy rules — is all-encompassing. Essentially, article 3 means that wherever you are in the world, if you are processing personal information on behalf of an EU controller, or you are directly targeting EU citizens, you need to take heed of the GDPR. But that does not necessarily mean that every part of your organisation has to comply with it. South African businesses rely heavily on international investments, and there are increasing opportunities for local businesses to partner with EU organisations that want to expand or outsource certain aspects of their operations. If you are a supplier or subsidiary to an EU based company, then the pressure is on you to comply with GDPR if you want to continue working with these companies. If you are an independent business with no attachment to the EU, yet your services are aimed at EU citizens — for example, you are a tour company tailoring South African safari experiences for ...

BL Premium

This article is reserved for our subscribers.

A subscription helps you enjoy the best of our business content every day along with benefits such as exclusive Financial Times articles, ProfileData financial data, and digital access to the Sunday Times and Times Select.

Already subscribed? Simply sign in below.

Questions or problems? Email or call 0860 52 52 00. Got a subscription voucher? Redeem it now