{"id":13107,"date":"2018-07-31T12:27:30","date_gmt":"2018-07-31T10:27:30","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=13107"},"modified":"2018-08-01T12:36:41","modified_gmt":"2018-08-01T10:36:41","slug":"gdpr-protecting-your-data","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2018\/07\/gdpr-protecting-your-data\/","title":{"rendered":"GDPR: Protecting your data"},"content":{"rendered":"<p>The international law of data protection has changed: the General Data Protection Regulation (GDPR) came into effect on 25 May 2018. There is a great deal of information on GDPR. Unfortunately, a lot of it is legal jargon, which can be overwhelming if you are not a legal expert.<\/p>\n<p>The South African equivalent to GDPR is the Protection of Personal Information Act (POPIA), which has not yet been finalised. This article explains GDPR, its compliance requirements and the key benefits and challenges involved in its implementation.<\/p>\n<p><strong>Quick overview<\/strong><\/p>\n<p>GDPR is a law that governs data usage, user privacy rights, data risk management and data security systems within private and public organisations. It highlights the rights of individuals, which are:<\/p>\n<ol>\n<li>to control how their personal data is collected and managed; and<\/li>\n<li>to place new obligations on organisations to be more accountable for data protection.<\/li>\n<\/ol>\n<p>Complying with GDPR is not a simple task, and complying with South Africa\u2019s own Protection of Personal Information Act (POPIA) will be no simpler. However, it is unavoidable and cannot be ignored. Managing data privacy is a serious issue. Until the South African regulations are finalised and enforced, local companies are encouraged to look to the GDPR for guidance. 
Whilst there are some differences between POPIA and GDPR in requirements, the principles are similar.<\/p>\n<p><strong>How does an organisation comply?<\/strong><\/p>\n<ul>\n<li>Raise awareness<\/li>\n<\/ul>\n<p>Decision-makers and key people in the organisation need to be aware that the law has changed to include GDPR, and need to understand its impact on data management.<\/p>\n<ul>\n<li>Information held<\/li>\n<\/ul>\n<p>An information audit, which includes any personal data held by individuals within the organisation, has to be done. The audit will establish which information the organisation has, who it\u2019s shared with and where it came from.<\/p>\n<ul>\n<li>Communication privacy<\/li>\n<\/ul>\n<p>Review your privacy notices and governance, identify gaps and prepare for the changes required when implementing GDPR.<\/p>\n<ul>\n<li>Individual rights<\/li>\n<\/ul>\n<p>Make sure procedures cover each individual\u2019s rights, including deleting personal data and providing data electronically in all commonly used formats.<\/p>\n<ul>\n<li>Subject access requests<\/li>\n<\/ul>\n<p>Update data management procedures, prepare for handling requests from consumers within the new time-frame and provide additional information.<\/p>\n<ul>\n<li>Legalities when processing personal data<\/li>\n<\/ul>\n<p>Understand the different types of data processing the organisation performs, identify the legal basis for each and document it appropriately.<\/p>\n<ul>\n<li>Consent<\/li>\n<\/ul>\n<p>The way the organisation seeks, obtains and determines consent may need to be reviewed and changed.<\/p>\n<ul>\n<li>Protecting children\u2019s data<\/li>\n<\/ul>\n<p>Systems that verify ages and can seek parental\/guardian consent for data processing activities should be designed and developed.<\/p>\n<ul>\n<li>Data breaches<\/li>\n<\/ul>\n<p>Procedures for both the customer and regulator need to be in place to detect, report and investigate a personal data 
breach.<\/p>\n<ul>\n<li>Data protection by design<\/li>\n<\/ul>\n<p>Assessments and control frameworks have to be developed with guidance from the regulator. Processes need to be developed, with governance for their use.<\/p>\n<ul>\n<li>Data Protection Officers<\/li>\n<\/ul>\n<p>A Data Protection Officer or a similar role should be appointed to take responsibility for data protection compliance. The organisation has to decide who fits this role best.<\/p>\n<ul>\n<li>International work<\/li>\n<\/ul>\n<p>If the organisation works internationally, it is important to establish which data protection authority is most appropriate and where processors and controllers are located.<\/p>\n<p><strong>Some benefits of GDPR compliance<\/strong><\/p>\n<ul>\n<li>Greater consumer confidence<\/li>\n<\/ul>\n<p>GDPR compliance will prove to customers that your organisation is a good custodian of their data.<\/p>\n<ul>\n<li>Improved data security<\/li>\n<\/ul>\n<p>GDPR compliance lays the groundwork for improved data security.<\/p>\n<ul>\n<li>Reduced data maintenance costs<\/li>\n<\/ul>\n<p>GDPR can help your organisation cut costs by prompting you to retire any data inventory software and legacy applications which are no longer relevant to your business.<\/p>\n<ul>\n<li>Increased alignment with evolving technology<\/li>\n<\/ul>\n<p>GDPR compliance requires that your organisation move toward improving its network, endpoint and application security.<\/p>\n<ul>\n<li>Better decision-making<\/li>\n<\/ul>\n<p>Thanks to the GDPR, your organisation\u2019s data will become more consolidated, making it easier to use and giving you a greater understanding of its underlying value.<\/p>\n<p><strong>Challenges of GDPR compliance<\/strong><\/p>\n<ul>\n<li>Endless consent prompts for every data process can be time-consuming.<\/li>\n<li>High cost to reach GDPR compliance (e.g. 
in terms of upgrading security systems).<\/li>\n<li>More work for developers in terms of upgrading security systems.<\/li>\n<li>Massive fines for non-compliance, which amount to 4% of the organisation\u2019s annual turnover.<\/li>\n<\/ul>\n<p><strong>GDPR integration in SU IT Department<\/strong><\/p>\n<p>In many ways, Stellenbosch University\u2019s Information Technology Department has been implementing data and security laws and regulations such as GDPR and POPIA for years.<\/p>\n<p>We are constantly reminding users on our blog and social media to keep their passwords protected and not to leave their PCs unlocked and unattended. We are the first to alert users via email with regard to phishing attacks and send out warnings on a regular basis. We have also moved toward cloud storage and are happy to say that Microsoft is GDPR compliant. Users have been encouraged to use OneDrive for data storage as it is more secure.<\/p>\n<p>Information security is important, and we will therefore continue to convey its importance to our users. There is also an Information Security Awareness Training Course available on <a href=\"https:\/\/learn.sun.ac.za\/\">SUNLearn<\/a>.<\/p>\n<p>In conclusion, GDPR is beneficial to South African organisations in many ways. Since South African organisations deal with large amounts of sensitive data, GDPR compliance is required and may reduce security threats and data loss to a large degree. 
Although this law appears to address data management issues, there is still limited information regarding its long-term sustainability among South African users.<\/p>\n<p>More detailed information on EU GDPR guidelines for South African universities can be found <a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2018\/07\/USAF-EU-GDPR-GUIDELINES_Final_25-May-2018.pdf\">in this document<\/a> compiled by Universities South Africa (USAf), an association of South Africa\u2019s public universities.<\/p>\n<p style=\"text-align: right;\">[ARTICLE BY MILLY VAN WYHE]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The international law of data protection has changed and the General Data Protection Regulation (GDPR) came into effect on 25 May 2018. There is a great deal of information on GDPR. Unfortunately, a lot of it is legal jargon, which can be overwhelming if you are not a legal expert. The South African [&hellip;]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29187],"tags":[54514,54513,54516,54515],"class_list":["post-13107","post","type-post","status-publish","format-standard","hentry","category-security-2","tag-data-protection-act","tag-gdpr","tag-popi","tag-popia"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 
16:57:43","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=13107"}],"version-history":[{"count":5,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13107\/revisions"}],"predecessor-version":[{"id":13157,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13107\/revisions\/13157"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=13107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=13107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=13107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}