Many South African businesses have now heard of the Protection of Personal Information Act (or POPI), and some have even spent time and money implementing their policies to prepare for their new responsibilities in terms of it.
Businesses have realised that compliance with this new local data protection regime brings a good reputation not only with the regulators, but also with their customers. But in the face of this positive incorporation of the new South African law, many will miss their objective if they are not aware that EU and US data protection laws may simultaneously apply to their operations.
Simply put, if a South African entity processes the personal information of an EU or US resident (even in South Africa), it must adhere to the respective EU or US laws on data protection (in addition to POPI). The EU and US data protection laws are more stringent, laborious and time-consuming than POPI, and a failure to adhere to them when required can lead to enormous fines. The silver lining is that if you have yet to prepare for POPI, it might be smarter to operate by the more stringent EU and US standards instead, as they will automatically satisfy the standards required for South Africa, whilst simultaneously assuring your foreign customers.
Being compliant with…
The full article is reserved for our subscribers!
Read this article by Thomas Reisenberger, Regulations Lawyer, Legalese as well as a host of other topical management articles written by professionals, consultants and academics in the August/September 2017 edition of BusinessBrief.