Data privacy law in South Africa and Europe is built on the foundations of human rights. Regulations such as the Protection of Personal Information Act (Popia) in South Africa and the General Data Protection Regulation (GDPR) in the European Union are the legal walls that uphold these principles.
These laws and their approaches underpin perhaps one of the most critical points that every South African organisation should be considering right now – how to embed data privacy within company and culture. As Brendon Ambrose, GM of data privacy at Atvance Intellect, points out, it may sound like the softer side of compliance compared to anti-money laundering or corporate governance, but it has risen to the fore over the past three years.
Data privacy is treated differently in different countries. In South Africa, it’s part of human rights. In the US, the protections are far less robust, and the concern is more around consumer protection and how organisations can monetise your data. This distinction may not seem like much on the surface, but it is becoming increasingly sticky as data flows across continents and countries. In Europe, the recent Schrems II case, one with a very long and complicated back story, found that the US allowing for digital surveillance was in direct conflict with the rights given to European citizens around privacy and data protection, the implications of which have yet to be fully understood when considered in light of data privacy, data transfer and social media.
to continue reading article published on