There is much discussion in South Africa at the moment about the EU's General Data Protection Regulation (GDPR) which will come into effect on 25 May 2018 and whether we all need to comply. But what, realistically, is required for South African businesses to comply, if at all?

GDPR is clearly not South African law, however, the requirements contained in it will come into effect for all personal data processed in relation to the offering of goods or services to EU citizens or persons residing in the EU. Accordingly, if your company sells products or services or processes personal data pertaining to an EU citizen such as monitoring user's behaviour via your website through the use of cookies, you will need to adhere to the GDPR's requirements. Furthermore, if GDPR is applicable to your company, you will also need to determine whether a Data Protection Officer must be appointed within the organisation.

Non-compliance in terms of GDPR could result in the company being fined up to 4% of the company's  global  revenues.

For more information on whether you are required to comply with GDPR or if you require assistance in drafting a GDPR policy, please do not hesitate to contact KISCH IP. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.