First things first, what is personal data?
Personal data is information that can be used to identify someone. Examples include names, phone numbers, address, date of birth, passport number, bank account, health records, social media posts, geotagging, race, religious and political opinions – the list goes on. Whilst one or two of these falling into the wrong hands may not say much, like a puzzle, the more pieces there are, the more vivid the user’s life becomes.
What is data privacy and data protection?
Data privacy and data protection both deal with the processing of data. Data protection focuses on protecting assets from unauthorized use, while data privacy defines who is authorized to access the data in the first place. An important distinction is in who controls which part. Users mostly control data privacy because they can control which data they share and with who, on the other hand, data protection is mostly a company’s responsibility. Companies must make sure that the privacy limits set by the users are applied and their data is protected
What is this GDPR and why is everyone talking about it?
It’s no secret that personal data is highly valuable and in fact supports a trillion dollar industry. In 2006, oil and energy companies dominated the list of most valuable firms in the world but by 2016, the list was led by data-aggregators that capitalize on individual data by selling to advertisement networks and marketers looking to target specific segments, influence buyer behaviour and make dynamic pricing decisions – i.e Facebook, Google, Apple, Amazon, Microsoft and countless others. With data being such a commodity, users were somewhat at a disadvantage in terms of the safeguards for their data. That’s where the GDPR comes in.
GDPR stands for General Data Protection Regulation. It is a law to protect the personal data of EU citizens and it has kickstarted a wave of global privacy laws that have changed how we use the internet. The GDPR primarily aims to avoid incidents that lead to personal data being lost, stolen, destroyed or changed. Put simply, it is a regulation you’ll want to take seriously.
OK, but does it apply to me?
Although the GDPR is an EU mandate, its impact is global. If any organisation, EU or otherwise, offers goods or services to or monitors EU data subjects’ behaviour, they’re on the hook. In practice, an online Zimbabwean company selling goods to people in the EU may be expected to comply with the GDPR.
What happens if I don’t comply?
The penalties for non-compliance include fines of up to €20 million or 4% of an organisation’s annual worldwide turnover – whichever is greater. For lesser offences, the fine would be halved.
Those are technical penalties – but what if we told you that even if you don’t have to be GDPR compliant, it would be in your best interest to do so anyway.
The GDPR is currently deemed to be the regulatory “gold standard” for the protection of personal data of consumers. Therefore companies with adequate data protection frameworks, and hence the ability to transfer data internationally, will have a distinct advantage in their ability to crowd in investment and advance trade with larger consumer markets. Non-compliance with the GDPR risks disrupting the USD$14 billion in annual exports from Africa’s digital economy to the EU. Compliance with the GDPR creates a rare opportunity for African countries to establish and strengthen strategic partnerships with the EU.
Who can I speak to about this?
EU supervisory authorities will penalize your business for non-compliance with the GDPR even as a small business. Compliance is imperative and as Emerging Africa we understand how overwhelming the information and requirements may be so let’s engage and help you transition towards compliance.