South African companies should also consider GDPR data impact

28 November 2017 Consultancy.co.za

As businesses across Europe scramble to update their operations to comply with the General Data Protection Regulation (GDPR), a new survey from global professional services firm PwC suggests that firms from all over the world, including South Africa, will also have to tighten their data security practices if they want to continue trading with European firms. 

Transforming entire business operations to become reliant on the digital arena has become the logical survival tactic for most companies across the world, in light of rapid technological development and the consequent disruption of industries far and wide. However, with the migration of operations to the online domain comes all its risks and vulnerabilities in the form of hackers with technical knowhow and malicious intent.

These risks have manifested themselves extensively in recent months, primarily in the form of cyber attacks, which are becoming increasingly high-profile and expansive in their impact. The Equifax hack is a prominent example, whereby the personal and financial details of nearly half the population of the US were compromised. 

More recently, Big Four professional services firm Deloitte, which is the largest cyber-security consulting firm in the world, was subject to a cyber attack on its own database, whereby the personal communications of 244,000 Deloitte employees were continuously leaked over a six-month period. The mails included information from high-profile clients all the way up to four departments of the US Government, the United Nations, and some of the world’s biggest multi-nationals. 

GDPR and POPIA 

The EU recognised these threats last year, when the European Parliament compiled the GDPR, which is a regulatory framework designed for companies that handle large volumes of sensitive personal data. The new regulations include: a broadening of the definition of personal data, stricter rules to obtain valid consent, breach-notification deadlines, as well as the “right to be forgotten,” among several other detailed regulations.

South African companies should also consider GDPR data impact

The fines and penalties have been set to strongly disincentivise violations. Failure to comply with GDPR stipulations invites a fine of 20% of annual turnover, or €20 million (R328 million), whichever is greater.

One key feature of the GDPR, and one which encapsulates a number of South African firms according to Big Four accounting and advisory firm PwC, is that non-EU parties who handle the data of any EU subject, whether citizens or companies, must also comply with the data protection regulations. Upon failure to comply, these firms are liable to face sanctions under GDPR. 

As a result, South Africa has begun drafting the Protection of Personal Information Act (POPIA), which is likely to enter an implementation phase in early 2019, nearly a year after GDPR comes into force in May 2018. The POPIA regulations are reportedly even more of a challenge to comply with, as the definition of “personal information” under the act is even broader than the GDPR in its scope. 

As elucidated by Busisiwe Mathe, the Leader of Risk Assurance in the Cyber and Privacy domains for PwC in South Africa, “The GDPR will impact many South African and other organisations across the African continent, while Compliance with POPIA will be a challenge for many organisations. The POPIA compliance journey will require organisations to consider many features within their organisation and strategic vision.” 

Commenting on how the intersection between GDPR and POPIA will work, Mathe said, “After May next year, EU companies that deal with SA can only do so if POPIA is in place or if the SA companies can satisfy their EU partner that they have adequate rules and policies in place regarding data protection.” Moreover, South African companies dealing with the EU that violate either act will face fines from both, which includes the 4%/€20 million from GDPR, as well as fines of up to R10 million / jail-time for violation of POPIA.

More on: PwC
South Africa
Company profile
PwC
PwC is not a South Africa partner of Consultancy.org
Partnership information »
Partnership information

Consultancy.org works with three partnership levels: Local, Regional and Global.

PwC is a Local partner of Consultancy.org in Middle East, Netherlands.

Upgrade or more information? Get in touch with our team for details.

Send
PwC seeks to mend relations with PIF following temporary advisory suspension
Middle East
PwC seeks to mend relations with PIF following temporary advisory suspension In a development that has sent shockwaves through the region’s consulting industry, Saudi Arabia’s sovereign wealth fund PIF has imposed a temporary ban on PwC from securing advisory and consulting c
04 March 2025
Navigating the Margin Growth Paradox: Balancing profit and planet
Europe
Navigating the Margin Growth Paradox: Balancing profit and planet As an economic crunch meets the need for green transformation, commercial directors and pricing leaders are facing a crucial dilemma: How can companies optimize pricing while sticking to sustainabili
04 March 2025
Companies in Asia-Pacific making progress on net zero
Asia
Companies in Asia-Pacific making progress on net zero Companies in the Asia-Pacific region have shown stronger net-zero commitments and better disclosures on greenhouse gas emissions, according to a report from PwC, which analyzed the progress of over 700 companies.
26 February 2025
Why managed services are key to realising Vision 2030
Saudi Arabia
Why managed services are key to realising Vision 2030 As Saudi Arabia continues to advance and transform its economy, managed services are increasingly becoming a key model of partnership between organizations and expert providers, writes Abdullah Tamer
25 February 2025
PwC UK appoints Laura Nadel as Manchester market senior partner
United Kingdom
PwC UK appoints Laura Nadel as Manchester market senior partner Laura Nadel has been promoted to the Manchester market senior partner of PwC. She has been with the firm for over a decade.
25 February 2025
17 consulting firms listed in Prosple’s top 100 graduate employers in Australia
Australia
17 consulting firms listed in Prosple’s top 100 graduate employers in Australia What are Australia’s top employers for graduates seeking to kickstart their career in management and technology consulting
24 February 2025
Saudi’s commitment to spending efficiency is driving growth and building resilience
Saudi Arabia
Saudi’s commitment to spending efficiency is driving growth and building resilience As Saudi Arabia continues to diversify its economy, in line with transformative goals outlined in Vision 2030, spending efficiency is emerging as a key priority, writes Riyadh AlNajjar, Chairman of PwC.
20 February 2025
Ex-PwC Sydney managing partner Adam Lai takes on top role at Nido Education
Australia
Ex-PwC Sydney managing partner Adam Lai takes on top role at Nido Education Former PwC Sydney managing partner and company veteran Adam Lai has taken up a new job as the chief executive of early childcare and education group Nido, according to an ASX statement.
13 February 2025

Cyber Security news

Cyber Security consulting firms Cyber Security consulting services

ICT news

ICT consulting firms ICT consulting services

Online news

Online consulting firms Online consulting services

Risk & Compliance news

Risk & Compliance consulting firms Risk & Compliance consulting services