The EU General Data Protection Regulation (GDPR) is a substantial leap in the protection of data. It came into force on 25 th May 2018 with heavy fines for organisations which do not comply with the regulation. The primary aim of the GPDR is to protect EU citizens against privacy and data breaches. The most notable change remains the increased territorial scope of the regulation where it applies to processing of data by an establishment in the EU regardless of whether the processing takes place in the EU. The application also extends to organisation who are outside the EU if they process personal data in the course of offering goods or services to people in the EU and/or if they monitor the behaviour of data subjects as far as the behaviour takes place in the EU.
While enforcement mechanisms have not yet been fully clarified, non-compliant firms are at risk of heavy fines.
At IPvocate Africa, we can help you in the audit of your services and processes to ensure compliance with the GDPR. Our services range from advising on the compliance of your process and services with the regulation as well as drafting and reviewing private policy agreements.