I’ve been closely following the developments in information privacy – overseas and in South Africa. And while Europe and the USA are ahead of us in this regard, we are catching up. I saw an opportunity to expand my knowledge and completed a certification in Information Privacy. I’m now a Certified Information Privacy Professional/Europe (CIPP/E) through the International Association of Privacy Professionals (IAPP). What does this mean?

The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organisation that helps define, support and improve the privacy profession globally.

Privacy professionals are the arbiters of trust in today’s data-driven global economy. They help organisations manage rapidly evolving privacy threats and mitigate the potential loss and misuse of information assets.

The CIPP is the global standard in privacy certification. Developed and launched by the IAPP with leading subject matter experts, the CIPP is the world’s first broad-based global privacy and data protection credentialing programme.

The CIPP/E is the first professional credential specific to European data protection professionals that is part of a comprehensive, principles-based framework and knowledge base in information privacy. The CIPP/E encompasses pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.

I now join the ranks of more than 10 000 professionals worldwide who currently hold one or more IAPP certifications.

The General Data Protection Regulation (GDPR)

The GDPR sets rules for the collection and processing of personal information of individuals within the European Union (EU). It came into effect across the EU on 25 May 2018.

In South Africa, the GDPR applies to your business if:

– You offer goods or services to EU-based individuals (either free or paid).

– You monitor the behaviour of EU-based individuals and their behaviour takes place within the Union.

In addition, if you’re a Processor for an EU-based company, the GDPR will indirectly apply to your business. (In terms of the GDPR, the supplier/processor contracts must contain certain clauses to ensure appropriate data protection and security measures are in place.)

The Protection of Personal Information Act (POPIA)

POPIA is South Africa’s equivalent of the EU GDPR. It will impact all businesses. The full POPIA will take effect once a date has been determined by the President. It will probably be in 2019. There is a one-year grace period that runs from the effective date – you only have to comply with POPIA at the end of the period. So, the POPIA deadline will presumably only be in 2020.

Not sure whether the GDPR applies to your business, or what the difference is between a processor and a controller? Wondering how POPIA will affect your business? Contact me for more information.
