GDPR: How compliant do you actually need to be with the EU’s new privacy rules?
The territorial scope of GDPR — the European Union’s new data privacy rules — is all-encompassing. Essentially, article 3 means that wherever you are in the world, if you are processing personal information on behalf of an EU controller, or you are directly targeting EU citizens, you need to take heed of the GDPR. But that does not necessarily mean that every part of your organisation has to comply with it. South African businesses rely heavily on international investments, and there are increasing opportunities for local businesses to partner with EU organisations that want to expand or outsource certain aspects of their operations. If you are a supplier or subsidiary to an EU based company, then the pressure is on you to comply with GDPR if you want to continue working with these companies. If you are an independent business with no attachment to the EU, yet your services are aimed at EU citizens — for example, you are a tour company tailoring South African safari experiences for ...
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.
Subscribe now to unlock this article.
Support BusinessLIVE’s award-winning journalism for R129 per month (digital access only).
There’s never been a more important time to support independent journalism in SA. Our subscription packages now offer an ad-free experience for readers.
Cancel anytime.
Questions? Email helpdesk@businesslive.co.za or call 0860 52 52 00. Got a subscription voucher? Redeem it now.