The 28th of January is World Data Privacy and Protection Day, and in a time where large data breaches are becoming increasingly common and the effective date of South Africa’s Protection of Personal Information Act (POPIA) legislation is set for the first or second quarter of 2018, this international day seems more important than ever. 2018 promises to be a big year in data protection circles. South Africa is waiting with bated breath for the Information Regulator, who will police POPIA, to announce when that law will become effective.

“Although the POPIA is not in effect as yet, according to the Information Regulator, the effective date will be announced soon,” says Elizabeth de Stadler, co-founding director at Novation Consulting. “Once this happens, South African organisations could have as little as one year to become compliant, so we believe it’s crucial for companies to start seriously thinking about how they are going to comply with the new regulations.”

This is not the only data protection legislation South African organisations have to worry about. The EU’s General Data Protection Regulations (the GDPR) becomes effective on 25 May 2018 and its reach goes way beyond the EU. Many South African countries will be subject to it, but they do not even realise it. Novation Consulting, a leading local consultancy specialising in POPIA compliance and plain language contracts, has released a white paper which explains who should be worried about the GDPR and how the GDPR and the POPIA compares.  

Co-founder of Novation Consulting, Paul Esselaar, adds: “The EU GDPR has some serious fines in place for those non-compliant companies – as much as 4% of the organisations’ global turnover or €20 million; whichever amount is larger. In comparison the POPIA carries a maximum fine of R10 million. So, while the many organisations are focussing on POPIA, we also believe it’s important for business to understand the global legislation too.”

The white paper has a checklist for organisations to determine whether they will be affected by the EU GDPR and what they can do to mitigate the risks. Another important resource contained in the white paper is a 12-step guide on what all organisations need to consider in the run up to the GDPR and POPIA coming into effect.

“In our experience, the true damage caused by data breaches is not actually the cost of litigation or fines; the biggest risk lies in the massive reputational harm suffered by organisations who suffered a breach – the recent Equifax breach is a case in point. So, we’re trying to make sure that our clients, and businesses in general, are prepared for the upcoming legislation and that they are empowered with the information they require,” concludes de Stadler.

Want more information on POPIA?

Novation Consulting has a book on POPIA that can be purchased here. They also offer workshops through UCT Law@Work and also do tailor made workshops for organisations. If e-learning is more your speed, Novation Consulting has also developed an extensive POPIA course as well as an e-mail based 10-week course, POPI DIY.