All businesses in South Africa that trade with the European Union (EU), have staff or offices in the EU, employ EU residents, or hold their personal data for any reason, are subject to EU data protection laws.
The EU can impose heavy fines on those that do not comply, but we estimate few small or medium-sized ones are compliant.
Every affected business in South Africa, large or small, must have data protection measures in place.
Companies need to know of the heavy penalties for noncompliance with the EU law – the General Data Protection Regulation or GDPR.
These can be a fine of up to 4% of their global turnover or €20 million, whichever is the greater.
South Africa has its own version of the GDPR – the POPI Act, which details fines of up to R10 million, but it is yet to be promulgated. In the meantime, the GDPR applies to those in SA who need to comply with EU standards.
Waiting to take action on protecting personal data because our own regulations are not yet in place would be a mistake. It makes sense to become compliant as soon as possible, if only to protect yourself, your staff and your customers from cyber theft and identity theft, or because privacy is precious to every citizen and protected by our Constitution.
President of the Cape Chamber of Commerce and Industry