GDPR Application – What Your Business Needs to Know
As the General Data Protection Regulation (GDPR) implementation deadline approaches, it is important to understand the changes added to the existing data protection framework, and the extent to which it applies locally in South Africa and overseas.
The GDPR focuses on the location of the individual or business entity whose data is processed, unlike the EU Data Protection Directive, which stipulates the location of data processing.
Therefore, the GDPR also comes into effect for businesses outside the EU, South Africa included, that enter into trade relations with the EU region.
South African organisations conducting business with EU-based customers could now find themselves subject to the GDPR, even though the customer's data is processed on their own territory, not in the EU.
The above forms part of the GDPR's main objectives to ensure a seamless data processing experience between EU-based and non-EU-based organisations.
According to the act, any business established in the EU region which also relies on personal data processing in territories outside of the European Union should ensure that the relevant company is compliant with GDPR before May 2018.
XGRC’s solution transforms your company’s data into rich visuals for you to collect and organise, so you can focus on what matters to you. Stay in the know, spot trends as they happen and push your business further.
Hence, any South African supplier engaged in local data processing that includes personal data as defined in the GDPR needs to become compliant and adhere to the new data regulations.
There are important benefits of GDPR compliance for South African organisations acting globally in the technology space, providing cloud-based services, virtualisation, SaaS, IaaS, and data analytics.
GDPR compliance means a rigorous understanding of data security and protection levels for procedures involving data transfers, processing and analysis in the cloud environment, and across the several global territories where the sensitive personal data is used.
Finally, GDPR compliance means reinforcing trust and ease of doing business with European companies and territories affected by the new regulations.
MSX Cyber, part of the XGRC product range, assists organisations to drive performance and compliance with its integrated information security management system built on the ISO 9001 Quality and ISO 27001 Information Security framework.
ISO 27001 compliance within an ISMS ensures the implementation of proper security controls in line with the latest business, legal, contractual and regulatory requirements. It also adheres to cybersecurity laws such as the General Data Protection Regulation (GDPR) or the NIS Directive.