INFORMATION PRIVACY AND THE LAW

I’ve been closely following the developments in information privacy – overseas and in South Africa. And while Europe and the USA are ahead of us in this regard, we are catching up. I saw an opportunity to expand my knowledge and completed a certification in Information Privacy. I’m now a Certified Information Privacy Professional/Europe (CIPP/E) through the International Association of Privacy Professionals (IAPP). What does this mean?

The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organisation that helps define, support and improve the privacy profession globally.

Privacy professionals are the arbiters of trust in today’s data-driven global economy. They help organisations manage rapidly evolving privacy threats and mitigate the potential loss and misuse of information assets.

The CIPP is the global standard in privacy certification. Developed and launched by the IAPP with leading subject matter experts, the CIPP is the world’s first broad-based global privacy and data protection credentialing programme.

The CIPP/E is the first professional credential specific to European data protection professionals that is part of a comprehensive, principles-based framework and knowledge base in information privacy. The CIPP/E encompasses pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.

I now join the ranks of more than 10 000 professionals worldwide who currently hold one or more IAPP certifications.

The General Data Protection Regulation (GDPR)

The GDPR sets rules for the collection and processing of personal information of individuals within the European Union (EU). It came into effect across the EU on 25 May 2018.

In South Africa, the GDPR applies to your business if:

– You offer goods or services to EU-based individuals (either free or paid).

– You monitor the behaviour of EU-based individuals and their behaviour takes place within the Union.

In addition, the GDPR is imposed on non-EU-based processors if they want to work for controllers that are subject to GDPR compliance.

The Protection of Personal Information Act (POPIA)

POPIA is South Africa’s equivalent of the EU GDPR. It will impact all businesses. The full POPIA will take effect once a date has been determined by the President. It will probably be in 2019. There is a one-year grace period that runs from the effective date – you only have to comply with POPIA at the end of the period. So, the POPIA deadline will presumably only be in 2020.

Not sure if the GDPR applies to your business or what the difference is between a processor and a controller? Wondering how POPIA will affect your business? Contact me for more information.
