Global data protection and transfer compliance and policies (GDPR, POPI)
for businesses and entrepreneurs
Data privacy is a critical and growing concern, necessitating compliance with local (POPI) and international legislation (GDPR). We advise our clients on requirements depending on the nature of their businesses and provide the necessary documents and compliance processes.
There are now severe regulatory penalties for non-compliance with data protection laws, including fines and prison sentences. These are in addition to the claims that you may be subject to under your customer or supplier contract terms, which can be significant enough to put you out of business unless you have the necessary protections in place.
The Protection of Personal Information Act (POPI) applies to any organisation that is resident in South Africa or processes personal information in South Africa. South African organisations are required to be fully compliant with POPI by 1 July 20201. The General Data Protection Regulation (GDPR) has applied since 25 May 2018 to any organisation that operates within the EU, or operates outside of the EU but offers products or services to EU citizens and residents or monitors their behaviour. This means that ultimately almost every major organisation needs a GDPR compliance strategy. In addition to POPI and the GDPR, there might be local laws that apply in the countries within which an organisation does business that must be complied with.