According to data protection law enforcement in South Africa, it is also based on the GDPR from Europe, but it has some differences. The first main difference is the name as the law enforcement in South Africa is called the Protection of Personal Information Act (POPIA).
But how is the European GDPR and the South African POPIA different? And what should you be aware of as a South African website?
I this article we will give you an insight in these questions.
What is the European General Data Protection Regulation?
The GDPR came into effect on May 25th,2018 and was the most significant data protection law enforcement in the past two decades.
It is a legal framework that set guidelines for the processing and collection of personal information from people that live in the EU. Thereby the main purpose of the GDPR is to protect personal identities and personal information.
According to websites, is affects all websites all websites that attracts European visitors, even if they don’t specifically market their goods to Europeans.
The most important aspect of the GDPR is that every single visitor must be notified about data collection of personal information. The visitor must explicit accept the collection of personal information to enter the website – If the visitor doesn’t accept, they will not be allowed to enter the website.
What is South African protection of Personal Information Act?
Since the GDPR was the first significant data protection law enforcement, law enforcements that affects other nations or regions are inspired by the GDPR – and POPIA isn’t an exception. As a result, South Africa has it’s own data law enforcement.
POPIA was enforced on July 1st, 2021 and the law enforcement affects all websites, companies and organizations that process personal information of people within South African territory.
Opposite the GDPR, POPIA’s definition of personal information if very broad. According to POPIA, personal information is information that is related to either a person, a organization or a legal entity. Thereby the POPIA seeks to protect individuals as well as organizations and companies.
What are the main differences between GDPR and POPIA?
As mentioned above the main difference between GDPR and POPIA is that the European GDPR seeks to protect individuals, where POPIA seeks to protect companies and organizations as well.
To explain this further there are some very significant differences when it comes to requirements for companies and organizations. In South Africa every single company or organization is required to appoint an information officer. In Europe companies are only required to appoint an information officer if the organization or company has more than 250 employees.