Our compliance and regulation expert Thomas Reisenberger contributed to Amplifier with an article outlining the need for local businesses operating in the international sphere to comply not only with the looming POPI legislation, but also with EU and US data protection laws, which may simultaneously apply to their operations.
‘Many South African businesses have now heard of the Protection of Personal Information Act (or POPI), and some have even spent time and money implementing their policies to prepare for their new responsibilities in terms of it. Businesses have realized that compliance with this new local data protection regime brings not only a good reputation with the regulators, but also with your customers. But in the face of this positive incorporation of this new South African law, I dare say that many will miss their objective if they are not aware that EU and US data protection laws may simultaneously apply to their operations.’
‘Simply put, if a South African entity processes the personal information of an EU or US resident (even in South Africa), they must adhere to the respective EU or US laws on data protection (in addition to POPI).’
Read the article via Amplifier here.