Read time: 3 minutes

ITWeb workshop to unpack requirements of GDPR, POPI

Following years of preparation and planning, on 25 May this year, the General Data Protection Regulation (GDPR) came into effect across the EU, with implications for businesses and consumers across in the region and further.

At their heart, the regulations were designed to reflect the 'information age' we're living in, where stories of major security breaches litter the headlines on a daily basis. The laws are obligating businesses to be far more careful with their customers' personal data and privacy.

"While South African businesses think they may not be affected by the GDPR, this isn't the case. Any business that provides a service in the EU has to comply, irrespective of whether the service provider has a presence in the EU or the recipient of the service is a citizen of the region," says Angela Mace, CRM and events director at ITWeb.

To help South African businesses better understand the GDPR and its implications for them, ITWeb is offering a workshop: 'Comparing the implementation requirements of the GDPR to those of POPIA', during its GDPR Update 2018 event, to be held at The Forum in Bryanston, from 6 to 9 November 2018. The workshop will run from 8am to 12:30pm on 6 November, and will include lunch and an opportunity for delegates to network.

[SIDEBAR]The workshop will be run by Peter Hill, director at IT Governance Network, and is based on over 10 years of practical experience with data protection legislation in South Africa and Europe.

Complying with new data protection legislation, such as GDPR or POPI, isn't simple or easy, as both are technical and complex, adds Mace. Too often, compliance initiatives are a burden on company resources, taking up the valuable time of employees who should be focusing on core business initiatives.

"This half-day course will provide attendees with an overview of both the GDPR and POPIA; it will cover the similarities and the differences and focus on the key implementation steps to fulfil the legal obligations of the GDPR and POPIA," she explains.

According to Mace, the course will cover the data protection objectives of the GDPR and POPIA, the similarities and differences between the two, as well as who is "accountable" for GDPR and POPIA compliance.

"It will give an overview of the processes and documentation required for GDPR and POPIA compliance, and will discuss the role and responsibilities of data controllers and responsible parties, processors and operators based in South Africa, and data protection officers and information officers."

It will also look at taking a risk-based approach to compliance with the GDPR and POPIA, the rights of data subjects under both legislations, tools to demonstrate compliance with the GDPR and POPIA, and transforming legal obligations into technical and organisational measures. "Delegates will also learn about preparing for non-compliance with the GDPR and POPIA."