The need for greater protection of personal data is increasing globally.

The European Commission has just implemented the General Data Protection Regulation (GDPR) which is aimed at strengthening and unifying data protection for individuals within the European Union (EU) as well as regulating the export of personal data outside the EU. As from 25th May 2016, businesses have two years to become compliant with GDPR or risk severe penalties. If you are involved in doing business with the EU, you need to check whether this new legislation affects you, and if so, make sure that your business is compliant.

In South Africa, the Protection of Personal Information Act 4 of 2013 (PoPI), is moving forward with the following recent developments:

• On 10 May 2016, the Portfolio Committee on Justice and Correctional Services shortlisted five candidates for the office of Information Regulator.

• On 17 May 2016, former IEC chairperson, Pansy Tlakula, was recommended as chairperson of the newly-formed Information Regulator. The National Assembly still needs to approve this recommendation.

It is thought that the Information Regulator will appointed in August 2016. Regulations and dates of actual implementation will then be published and there will be a year’s grace period after implementation to comply with the Act.

The Act is a long and complex piece of legislation which is aimed at protecting the personal information used by private and public bodies. The intention of PoPI is to bring South Africa in line with international standards of protection of personal information.

The Act lays down the minimum conditions that should be followed in the lawful processing of information and will significantly change the way in which private information is dealt with by the government and by business.

Non-compliance could result in severe penalties such as:

• Civil class action and costly damages
• Fines of up to R10 million/10 years in jail
• Reputational damage

Both the GDPA (in the EU) and PoPI (in South Africa) are centred around building relationships and trust. This is a crucial time to implement a well-considered data management strategy and to ensure that your business adheres to these new regulations.