{"id":1179,"date":"2019-11-21T16:02:30","date_gmt":"2019-11-21T14:02:30","guid":{"rendered":"https:\/\/swifttechlaw.com\/?p=1179"},"modified":"2019-12-17T08:24:58","modified_gmt":"2019-12-17T06:24:58","slug":"walking-the-line-between-popia-and-gdpr","status":"publish","type":"post","link":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/","title":{"rendered":"WALKING THE LINE BETWEEN POPIA AND GDPR"},"content":{"rendered":"<p>Where did POPIA and GDPR originate from? A lesser-known fact is that the European Union is the birthplace of modern information privacy laws. The right to privacy has existed for centuries. However, E.U countries experienced first-hand how the abuse of personal information can lead to detrimental (sometimes fatal) consequences. This led to the adoption of the European Union Data Protection Directive (EUDPD) in the mid-1990\u2019s in an effort to regulate the use of information.<\/p>\n<p>Since then, the digital age has presented major challenges to regulation. Technology enables the transfer of vast amounts of information across borders with many benefits. However, it simultaneously enables the citizens from countries governed by privacy legislation to transfer data outside their borders and bypass restrictions. In response, information privacy laws were amended to prohibit the transfer of personal information to countries with lower standards of legal regulation than their own.<\/p>\n<p>In this context South Africa promulgated the Protection of Personal Information Act (POPIA). It ensures that South Africa is able to process information and conduct business with European countries for commercial benefit. Conversely, POPIA advances the right to privacy contained in the South African Constitution and imposes harsh sanctions for non-compliance.<\/p>\n<p>In an expanding digital economy, stake holders within South Africa and the E.U increasingly process personal information across both jurisdictions. While South Africa and the E.U both have comprehensive laws in place, there are disparities and similarities between both. This creates a frequently asked, seldom answered question:<\/p>\n<p>When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple, but a basic understanding can assist.<\/p>\n<h4><strong>What POPIA compliant organisations need to know about the GDPR<\/strong><\/h4>\n<p>POPIA extends to the protection of personal information of juristic persons (i.e. legal entities) and not just individuals, making it more extensive and stringent than the GDPR which only applies to natural persons. It is therefore necessary for South African organisations to ensure that should they engage in business with organisations who are GDPR compliant, that these organisations extend their data protection to juristic persons in order to align with POPIA requirements.<\/p>\n<p>POPIA is also more stringent in its requirement that an Information Officer should be appointed for all organisations, while the GDPR only requires the appointment of a Data Protection Officer for certain organisations.<\/p>\n<p>Furthermore, the GDPR has much larger fines than POPIA. The GDPR carries fines of up to \u20ac20 Million or 4% of the global annual turnover, whichever is higher. The maximum penalties under POPIA are a R10 million fine and\/or imprisonment for a period not exceeding 10 years, where the GDPR considers the latter to be a matter for member state law. Read more on POPIA requirements <a href=\"https:\/\/swifttechlaw.com\/popia-compliance-when-the-information-regulator-comes-knocking\/\">here<\/a>.<\/p>\n<h4><strong>What GDPR compliant organisations need to know about POPIA<\/strong><\/h4>\n<p>While the concept of privacy by design is mandated by the GDPR, it is not mentioned in POPIA at all and remains a best practice option or voluntary approach for POPIA compliant organisations.<\/p>\n<p>The GDPR furthermore provides data subjects with the benefits of data portability where data subjects may request that their data be transferred to another controller or service provider. This right is not extended to data subjects under POPIA.<\/p>\n<p>The GDPR also mandates that data protection impact assessments\u00a0be conducted and that evidence or documentation of such assessments be maintained. Currently there is no corresponding requirement under POPIA.<\/p>\n<h4><strong>The best way forward<\/strong><\/h4>\n<p>When it comes to information privacy compliance, there is no one-size-fits-all solution. As a point of departure, if you\u2019re processing personal information (or personal data) regulated by POPIA and GDPR, you must satisfy the requirements of both jurisdictions. The good news is that adapting POPIA or GDPR for dual legal compliance is not onerous or invasive. It however requires expertise in both areas to ensure secure data-related commercial transactions.<\/p>\n<p>Contact SwiftTechLaw <a href=\"https:\/\/swifttechlaw.com\/contact\/\">here<\/a> to enroll in our Privacy Law Compliance Program for 2020.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Where did POPIA and GDPR originate from? A lesser-known fact is that the European Union is the birthplace of modern information privacy laws. The right to privacy has existed for centuries. However, E.U countries experienced first-hand how the abuse of personal information can lead to detrimental (sometimes fatal) consequences. This led to the adoption of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1183,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[26,38,1],"tags":[51,52,39,61,60],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.7.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WALKING THE LINE BETWEEN POPIA AND GDPR - Swift Tech Law<\/title>\n<meta name=\"description\" content=\"When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WALKING THE LINE BETWEEN POPIA AND GDPR - Swift Tech Law\" \/>\n<meta property=\"og:description\" content=\"When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\" \/>\n<meta property=\"og:site_name\" content=\"Swift Tech Law\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Swift-Tech-Law-703437963350634\/?ref=br_rs\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-21T14:02:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-17T06:24:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swifttechlaw.com\/wp-content\/uploads\/2019\/12\/rope.png\" \/>\n\t<meta property=\"og:image:width\" content=\"409\" \/>\n\t<meta property=\"og:image:height\" content=\"291\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"SwiftLaw\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SwiftLaw\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\"},\"author\":{\"name\":\"SwiftLaw\",\"@id\":\"https:\/\/swifttechlaw.com\/#\/schema\/person\/6bf71180958c18730d728c674b5198e3\"},\"headline\":\"WALKING THE LINE BETWEEN POPIA AND GDPR\",\"datePublished\":\"2019-11-21T14:02:30+00:00\",\"dateModified\":\"2019-12-17T06:24:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\"},\"wordCount\":659,\"publisher\":{\"@id\":\"https:\/\/swifttechlaw.com\/#organization\"},\"keywords\":[\"GDPR\",\"Information Privacy\",\"POPIA\",\"swift tech law\",\"swifttechlaw\"],\"articleSection\":[\"Governance risk and compliance (GRC)\",\"Information Privacy\",\"Uncategorized\"],\"inLanguage\":\"en-ZA\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\",\"url\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\",\"name\":\"WALKING THE LINE BETWEEN POPIA AND GDPR - Swift Tech Law\",\"isPartOf\":{\"@id\":\"https:\/\/swifttechlaw.com\/#website\"},\"datePublished\":\"2019-11-21T14:02:30+00:00\",\"dateModified\":\"2019-12-17T06:24:58+00:00\",\"description\":\"When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple.\",\"breadcrumb\":{\"@id\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/#breadcrumb\"},\"inLanguage\":\"en-ZA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swifttechlaw.com\/home\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WALKING THE LINE BETWEEN POPIA AND GDPR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swifttechlaw.com\/#website\",\"url\":\"https:\/\/swifttechlaw.com\/\",\"name\":\"Swift Tech Law\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/swifttechlaw.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swifttechlaw.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-ZA\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swifttechlaw.com\/#organization\",\"name\":\"SwiftTechLaw\",\"url\":\"https:\/\/swifttechlaw.com\/\",\"sameAs\":[\"https:\/\/www.instagram.com\/swifttechlaw\/\",\"https:\/\/www.linkedin.com\/company\/swifttechlaw\/\",\"https:\/\/www.youtube.com\/channel\/UCNg_CXJY_y2r4eISp6MYW3Q\/videos\",\"https:\/\/www.facebook.com\/Swift-Tech-Law-703437963350634\/?ref=br_rs\"],\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-ZA\",\"@id\":\"https:\/\/swifttechlaw.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swifttechlaw.com\/wp-content\/uploads\/2019\/12\/Swift-Tech-Law-Logo-2017-2-2.jpg\",\"contentUrl\":\"https:\/\/swifttechlaw.com\/wp-content\/uploads\/2019\/12\/Swift-Tech-Law-Logo-2017-2-2.jpg\",\"width\":1527,\"height\":320,\"caption\":\"SwiftTechLaw\"},\"image\":{\"@id\":\"https:\/\/swifttechlaw.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/swifttechlaw.com\/#\/schema\/person\/6bf71180958c18730d728c674b5198e3\",\"name\":\"SwiftLaw\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-ZA\",\"@id\":\"https:\/\/swifttechlaw.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/30d41f18bcf97a23e58199a301fc8283?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/30d41f18bcf97a23e58199a301fc8283?s=96&d=mm&r=g\",\"caption\":\"SwiftLaw\"},\"url\":\"https:\/\/swifttechlaw.com\/author\/swiftlaw\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WALKING THE LINE BETWEEN POPIA AND GDPR - Swift Tech Law","description":"When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/","og_locale":"en_US","og_type":"article","og_title":"WALKING THE LINE BETWEEN POPIA AND GDPR - Swift Tech Law","og_description":"When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple.","og_url":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/","og_site_name":"Swift Tech Law","article_publisher":"https:\/\/www.facebook.com\/Swift-Tech-Law-703437963350634\/?ref=br_rs","article_published_time":"2019-11-21T14:02:30+00:00","article_modified_time":"2019-12-17T06:24:58+00:00","og_image":[{"width":409,"height":291,"url":"https:\/\/swifttechlaw.com\/wp-content\/uploads\/2019\/12\/rope.png","type":"image\/png"}],"author":"SwiftLaw","twitter_card":"summary","twitter_misc":{"Written by":"SwiftLaw","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/#article","isPartOf":{"@id":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/"},"author":{"name":"SwiftLaw","@id":"https:\/\/swifttechlaw.com\/#\/schema\/person\/6bf71180958c18730d728c674b5198e3"},"headline":"WALKING THE LINE BETWEEN POPIA AND GDPR","datePublished":"2019-11-21T14:02:30+00:00","dateModified":"2019-12-17T06:24:58+00:00","mainEntityOfPage":{"@id":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/"},"wordCount":659,"publisher":{"@id":"https:\/\/swifttechlaw.com\/#organization"},"keywords":["GDPR","Information Privacy","POPIA","swift tech law","swifttechlaw"],"articleSection":["Governance risk and compliance (GRC)","Information Privacy","Uncategorized"],"inLanguage":"en-ZA"},{"@type":"WebPage","@id":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/","url":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/","name":"WALKING THE LINE BETWEEN POPIA AND GDPR - Swift Tech Law","isPartOf":{"@id":"https:\/\/swifttechlaw.com\/#website"},"datePublished":"2019-11-21T14:02:30+00:00","dateModified":"2019-12-17T06:24:58+00:00","description":"When are South African entities bound by the GDPR and when are European entities bound by POPIA? The answer is not always simple.","breadcrumb":{"@id":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/#breadcrumb"},"inLanguage":"en-ZA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/swifttechlaw.com\/walking-the-line-between-popia-and-gdpr\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swifttechlaw.com\/home\/"},{"@type":"ListItem","position":2,"name":"WALKING THE LINE BETWEEN POPIA AND GDPR"}]},{"@type":"WebSite","@id":"https:\/\/swifttechlaw.com\/#website","url":"https:\/\/swifttechlaw.com\/","name":"Swift Tech Law","description":"","publisher":{"@id":"https:\/\/swifttechlaw.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swifttechlaw.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-ZA"},{"@type":"Organization","@id":"https:\/\/swifttechlaw.com\/#organization","name":"SwiftTechLaw","url":"https:\/\/swifttechlaw.com\/","sameAs":["https:\/\/www.instagram.com\/swifttechlaw\/","https:\/\/www.linkedin.com\/company\/swifttechlaw\/","https:\/\/www.youtube.com\/channel\/UCNg_CXJY_y2r4eISp6MYW3Q\/videos","https:\/\/www.facebook.com\/Swift-Tech-Law-703437963350634\/?ref=br_rs"],"logo":{"@type":"ImageObject","inLanguage":"en-ZA","@id":"https:\/\/swifttechlaw.com\/#\/schema\/logo\/image\/","url":"https:\/\/swifttechlaw.com\/wp-content\/uploads\/2019\/12\/Swift-Tech-Law-Logo-2017-2-2.jpg","contentUrl":"https:\/\/swifttechlaw.com\/wp-content\/uploads\/2019\/12\/Swift-Tech-Law-Logo-2017-2-2.jpg","width":1527,"height":320,"caption":"SwiftTechLaw"},"image":{"@id":"https:\/\/swifttechlaw.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/swifttechlaw.com\/#\/schema\/person\/6bf71180958c18730d728c674b5198e3","name":"SwiftLaw","image":{"@type":"ImageObject","inLanguage":"en-ZA","@id":"https:\/\/swifttechlaw.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/30d41f18bcf97a23e58199a301fc8283?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/30d41f18bcf97a23e58199a301fc8283?s=96&d=mm&r=g","caption":"SwiftLaw"},"url":"https:\/\/swifttechlaw.com\/author\/swiftlaw\/"}]}},"_links":{"self":[{"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/posts\/1179"}],"collection":[{"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/comments?post=1179"}],"version-history":[{"count":6,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/posts\/1179\/revisions"}],"predecessor-version":[{"id":1219,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/posts\/1179\/revisions\/1219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/media\/1183"}],"wp:attachment":[{"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/media?parent=1179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/categories?post=1179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swifttechlaw.com\/wp-json\/wp\/v2\/tags?post=1179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}