By Louis Otieno
…What is GDPR – and who does it apply to?
GDPR is a new regulation that will provide individuals in the EU with greater control over their personal information. It will introduce tighter rules on organisations that handle, collect or analyse personal data, be it a contact number, photo or computer IP address. National regulators will also have increased authority to impose substantial consequences on organisations who do not comply.
African businesses need to take notice because the regulation also addresses the export of personal data outside of the EU.
Simply put, if you do – or ever plan to do – business with or process the data of any individual living in the EU, GDPR applies to you, irrespective of your size or where you are.
Why should startups be concerned about GDPR?
As we bring more entrepreneurs, businesses and developers online and into the cloud, they have the opportunity to market their products, apps and solutions internationally.
However, as countries impose tighter regulations on data protection, startups who do not comply will be limited in their ability to scale and operate internationally – or even secure overseas investment.
Without adequate security practices in place, startups will be seen by European countries as a high risk from a data protection perspective – and they won’t do business with you.
Not complying with GDPR will limit your ability to have employees in the EU, sell or market your products online or offline in the EU, partner with an EU organisation, or receive funding from an EU-based investor.
GDPR is also set to become the standard benchmark for data protection. Even if you aren’t affected by this specific regulation today, you could be affected by a new one tomorrow, as countries continue to ramp up their own data protection laws.
Countries like South Africa, for example, have signed the Protection of Personal Information Act (POPI) into law. As with GDPR, businesses and governments will be lawfully responsible for collecting, storing and using personal information. Businesses with ties to the EU will need to comply with both POPI and GDPR, or risk facing hefty fines.
The best option for startups who hope to succeed in today’s digital age is to start introducing robust data protection practices now…