Member Article

GDPR - New EU Privacy Rules: African Organisations Take Note

by:  Ridwaan Boda  
Published: Oct, 2017  -  South Africa


On 25 May 2018, a new set of privacy rules formed by the European Union (“EU”) will take effect. The General Data Protection Regulation (“GDPR”) seeks to replace the Data Protection Directive 95/46/EC. Organisations – including many African ones – will need to make changes to their oversight, technology, processes, and human resources to comply with the GDPR. The GDPR not only applies to organisations located within the EU, but also applies to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. The GDPR will also apply to all companies processing and holding personal data of data subjects residing in the EU, regardless of the company’s location. As such, many African organisations will be directly affected by the GDPR and will need to comply. Failure to do so can result in organisations being fined up to 4% of annual global turnover or EUR20-million. Such fines are significant and the time to comply is running out. For further information on GDPR compliance and on aligning compliance to South African legislation such as the Protection of Personal Information Act, 2013 (“POPI”), please contact:

Ridwaan Boda

technology, media and telecommunications director [email protected] cell: +27 83 345 1119



© World Services Group, 2018