GDPR Day is here - 25 May 2018 - the day the new European Union General Data Protection Regulation (GDPR) framework kicks in! South African businesses possibly feel the new regulations don’t affect them. The reality is that we live in a global village and conduct business in a global economy. That means our handling of data, especially personal data, has to comply with regulatory requirements wherever it may be accessed across the globe.
Also, let’s not forget that closer to home, the Protection of Personal Information Act 4 of 2013 (“POPIA”) is closing in and is likely to become fully effective next year. Needless to say, the theme for 2018 is DATA PROTECTION!
Compliance with POPI is an extensive and expensive task, but for many companies, compliance with data protection regulations doesn't end there. The GDPR places further obligations on companies even though they operate outside the EU. Failure to comply with the GDPR can result in a fine of 4% of a company's global revenue or 20 million euros, whichever is greater. The GDPR is a massive monster that makes POPI, with its R10 million fine, look like a fluffy puppy. This is because compliance requirements for the GDPR are far more extensive and the process far more arduous than compliance with POPI. The harsh truth is that, for those who fall within its jurisdiction, the GDPR will corner you with stricter sanctions, regardless of whether you're based in South Africa or in the European Union, so it's best to be prepared!
One of the key aspects of both GDPR and POPI is that of “Privacy by Design” along with “Privacy by Default”. In essence, companies will now be obliged to consider data privacy during the design stages of all projects, and throughout the lifecycle of the relevant data process.
Fortunately, apart from naming conventions, the provisions across the two pieces of data protection legislation are very similar, so complying with the GDPR means that complying with POPI should be smooth sailing. For example, both POPI and the GDPR necessitate compliance with certain principles when processing personal data, both require the regulator to be notified in the case of a privacy breach, both call for a data protection officer to be appointed, and both place restrictions on and requirements for what personal data can be sent outside of the EU (in the case of the GDPR) and South Africa (in the case of POPI).
Unlike the GDPR, we don’t know when POPI will come into effect. What we do know is that there will be a one-year transitional period for companies to become compliant once the date is announced.
Accelerate Your Path to GDPR and POPI Compliance with Embrace end-to-end ERP business solutions!
Single Enterprise Resource Planning (ERP) solutions offer excellent data storage, accurate representation of data and centralisation of the data housed in an organisation. So, of course, ERP, GDPR and POPI are closely connected. Your ERP system lies at the heart of your business operations and, if your data management solution is aligned correctly, it can play an enormous role in your business achieving compliance.
There are a number of ways in which centralising all the personal data a company holds about its contacts within a single ERP system like Embrace can help a business as it works towards GDPR and POPI compliance.
If you’re interested in implementing a single end-to-end ERP software solution for your business or have any questions, you can contact us on our contact page or at email@example.com