South Africa is following the GDPR quite closely. By implementing according to the GDPR, organisations should be comfortable that they are largely compliant with the Protection of Personal Information Act. It will still require tailoring to our specific requirements, but GDPR forms a great starting point.
Click on the item below to see the details
Article 1 – Subject-matter and objectives-Actions
Article 1 – Subject-matter and objectives-POPIA implications
GDPR Article 1: Implications for POPIA
Protection of natural persons and their right to privacy is enshrined in the Constitution. The Protection of Personal Information Act (POPIA) is South Africa's Privacy law and introduces requirements for the processing of Personal Information.
Regulations to the Act are expected to be finalised in early 2018 and will provide detail regarding what organisations need to do in order to comply.
If a South African organisation conducts business with an EU organisation they need to understand the implications of the GDPR. Any cross border flow of information to and from the EU should be considered.
The Protection of Personal Information Act (POPIA) gives effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justiﬁable limitations.
The Protection of Personal Information Act (POPIA) includes provision for justifiable limitations including:
(i) balancing the right to privacy against other rights, particularly the right of access to information; and
(ii) protecting important interests, including the free ﬂow of information within the Republic and across international borders
Article 1 – Subject-matter and objectives-GDPR
GDPR Article 1: Rules relating to the protection of natural persons information
This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.