POPIA counterparts in the Global Economy
The questions around data protection, data privacy and POPIA compliance are flying in, particularly if you are part of a global business. Which law should you comply with? What are the POPIA counterparts in the global economy?
Let’s start with understanding the terms first.
Is there a difference between data privacy, data protection and POPIA?
No. They are all synonyms. South Africa uses the Protection of Personal Information Act (POPIA). When it comes to the protection of our personal and often digitally available information, the international buzzwords are data privacy or data protection.
The United States often refers to data privacy, while European counterpart countries, like England in the UK, refer to data protection.
What are the POPIA counterparts in the global economy?
- The GDPR: According to Wikipedia, “The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.” The GDPR affects anyone doing business in Europe or business involving European citizens.
- The ePrivacy Regulation: The EU ePrivacy Regulation could change the way your company advertises online as it may impact new rules about cookies, direct marketing, and business-to-business (B2B) communications. It doesn’t replace the GDPR but rather complements it. The revised draft was submitted in 2020 and is expected to come into effect only later in 2021.
South Africa and POPIA
- POPIA: The Protection of Personal Information (POPI or POPIA) Act regulates how organisations handle the personal information of individuals or businesses in South Africa. Personal information ranges from ID numbers to credit card details that you may take for payments, and employment history. The Act regulates how you store, process and share information – MSMonline. It affects most departments within your business, such as marketing, finance and HR.
United States of America (USA) data privacy laws
- The data privacy laws in the USA may seem a bit more complex, as several individual states adopt their own data privacy laws and regulations. A few US states are following Europe’s GDPR or have similar adaptations, including California, Nevada and Illinois. You can read about the different states and laws to ensure compliance.
- According to com, “The Internet is a deregulated territory where tech and social media companies”. However, US states are implementing and enforcing their own data privacy laws, with California taking the lead with the California Consumer Privacy Act (CCPA).
- The Privacy Shield: “The EU–US Privacy Shield was a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States.” Without it, you wouldn’t be able to transfer data from the EU to the US and back. For example, Google, Facebook, etc. wouldn’t be allowed to process the data of Europeans.
Australia’s Data Protection Act
- The Data Protection Act: “The Privacy Act of 1988, with addenda added via the Privacy Regulation 2013 and the Privacy Amendment (Notifiable Data Breaches) Act 2017, is the main legislation governing data privacy in Australia. It has 13 principles that provide a series of rules around data protection, direct marketing, and transparency.” This Act applies to government agencies, companies with an annual turnover +$3-million as well as certain small businesses (including public sector health service providers, credit reporting bodies, and 3rd-party lists of suppliers).
Which data privacy laws should you adhere to?
Remember that data privacy laws can affect multiple departments within an organisation, from the HR manager to finance, procurement, marketing and more. As we move into the future, we all need to take note of POPIA counterparts in the global economy.
From a digital marketing perspective, if you are sending mailers or digital communications FROM South Africa TO another country’s database, you need to comply with that country’s corresponding data protection acts.
According to Bizcommunity, “If a digital marketer is profiling and targeting individuals while they are in Europe, the GDPR will apply.” While email and SMS marketing need opt-in consent, the rules around consumer consent for serving personalised advertising are a little unclear. Reach out to one of our Adclick Africa digital marketing and paid media specialists to discuss your requirements.
If you are a globally owned company based in South Africa and sending communications to your local South African database, you should comply with the POPI Act. Click here for our handy POPIA Compliance Guide. It has multiple checklists your business can use to ensure you are ready by 1 July 2021.