As we celebrate International Data Privacy Day, we think back on 2018. We spent a lot of time dealing with a deluge of questions from companies wondering whether they need to comply with the GDPR, and how they can combine their efforts to comply with the POPIA and the GDPR without reinventing the wheel. In 2019, we expect that companies will start to prepare for the effective date of the POPIA.
Will the POPIA’s effective date be announced this year?
The POPIA has been looming for a while now, but it is not in effect yet. Could 2019 be the year? We think it might be, and we base our belief on the following factors. Firstly, there has been a slow but steady increase in activity at the Information Regulator, and the final regulations were published in December. Secondly, there is increasing pressure from the public and civil society for better privacy protection in the face of a deluge of data breaches.
Complying with both the POPIA and the GDPR
As you have probably guessed, if the GDPR applies to your organisation you will have two data protection laws to worry about when the POPIA comes into effect. Most organisations resent having to do one compliance project, let alone two, so we often get asked ‘if we comply with the GDPR, will we be POPIA compliant too?’ Unfortunately, no. While the POPIA and the GDPR have a lot in common, there are some key differences between the two. For example, some of the duties in the POPIA are not in the GDPR, and vice versa.
We are also often asked ‘can we develop one set of policies and procedures that will comply with both the POPIA and the GDPR?’ The answer is that it is not only possible, but also preferable, because maintaining two different sets of policies depending on whether the POPIA or the GDPR applies is virtually impossible. However, to get there, you have some decisions to make. Where the GDPR introduces a concept that isn’t in the POPIA, you will need to decide whether you are happy to adopt it, even though it might not be a requirement for the parts of your organisation that don’t have to comply with the GDPR.
To help you to navigate the chaos, we have created a POPIA and GDPR comparison in which we have highlighted the most important differences between the two.