SA companies doing business with EU customers need to consider making changes to their data privacy and oversight processes to conform to new regulations being implemented next year.
South African companies doing business with European Union (EU) customers need to consider making changes to their data privacy, technology and oversight processes in the wake of new privacy rules. On 25 May 2018 new privacy rules formed by the EU will be implemented. The General Data Protection Regulation (GDPR) will replace the Data Protection Directive 95/46/EC.
The new rules will apply to the ‘processing’ of ‘personal data’ by “controllers” and “processors” based in the EU, as well as those located outside of the EU if they provide services and goods to EU customers. The GDPR will also apply to all organisations processing and holding personal data of subjects residing within the EU.
“The GDPR will impact many South African and other organisations across the African continent,” Busisiwe Mathe, Risk Assurance Cyber and Privacy leader, PwC Southern Africa says. “Businesses that do not comply with the GDPR face a potential of up to 4% fine of global revenues, increasing the need for organisations to plan for and implement necessary changes to demonstrate good in the eyes of individuals and regulators.”
South African organisations are awaiting the Protection of Personal Information Act (POPIA). The POPIA is likely to be fully enacted in South Africa in early 2019 and comments on POPIA draft regulations closed on 7 November 2017.
Once POPIA is fully enacted, responsible parties and operators in South Africa, processing personal information will have to comply with POPIA as well as potentially having to comply with the GDPR. The GDPR was introduced by the EU more than a year ago and organisations have been given less than two years to comply with them.
POPIA is South Africa’s first piece of comprehensive data protection legislation. It aims to give effect to the constitutional right to privacy by introducing measures whereby personal information processed by organisations is fair, responsible and conducted in a secure manner.
Mathe adds: “Compliance with POPIA will be a challenge for many organisations. The POPIA compliance journey will require organisations to consider many features within their organisation and strategic vision.” The GDPR and POPIA have many commonalities but also a number of differences, one of the most significant being that POPIA includes “juristic” (business) entities in the definition of personal information – this will significantly increase the scope of personal information and provide additional challenges to comply with POPIA.
“After May next year, EU companies that deal with SA can only do so if POPIA is in place or if the SA companies can satisfy their EU partner that they have adequate rules and policies in place regarding data protection.”
Rav Hayer, Financial Services GDPR Lead, PwC UK adds: “Organisations will have to provide clarity on how customer data is collected and stored. Any breaches of data must be communicated within 72 hours to the responsible regulator, wherever the breech occurred and the subjects reside. ”
The GDPR penalties can be up to 4% of an organisation’s global annual turnover whereas POPIA has a maximum R10 million fine or time behind bars. GDPR penalties are much higher than POPIA. The GDPR penalties stand to hurt companies more financially than POPIA if they ignore them. The reputational damage and loss of customer trust are however important business imperatives to comply with POPIA regardless of the significantly lower fines.
In a recent survey conducted by PwC, nearly all of the respondents (92%) considered compliance with the GDPR a top priority on their data-privacy and security agenda in 2017 – with over half of respondents saying it is “the” top priority and 38% saying it is “among” top priorities. The GDPR Preparedness Pulse Survey examines preparedness and why companies are willing to spend $1 million or more on GDPR readiness plans.
PwC surveyed 300 Chief Privacy Officer, Chief Information Officers, General Counsels, Chief Compliance Officers, and CEOs in US, UK, and Japanese companies about their GDPR programmes.
Only 8% of UK companies have finished all their preparations compared to 22% of US companies. “This is likely to be because the US‘s data privacy regulation is currently a lot more stringent than the UK. In the past the ICO hasn’t been as firm as US regulators as our data privacy law isn’t currently enforceable,” Hayer adds.
While many organisations have already begun this process with a range of compliance efforts, many are still in the assessment phase. But despite their status in preparing to comply with the new regulations, most US Companies are already planning to invest in GDPR. According to survey respondents, over three in four (77%) companies plan to allocate $1 million or more on GDPR readiness and compliance efforts – with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.
Survey results also found that information security enhancement is a top GDPR initiative. While much of the discussion has focused on the law’s privacy-centric requirements, information-security obligations figure prominently in GDPR plans of US companies. Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
What should you focus on if you haven’t started your GDPR programme?
PwC found that 5% of UK companies have not started preparing for the GDPR. With less than seven (7) months until the compliance deadline, these organisations risk regulator fines, litigation costs, and lost contract opportunities.
The biggest risk for organisations is likely to be third parties, so it is essential that organisations check that their third party contracts are GDPR compliant, Hayer comments.
How much can organisations expect to spend on their GDPR programme?
Of those companies that have completed their GDPR programme, 40% of US, UK and Japan reported spending more than $10 million. The pattern of increased spending was consistent regardless of company size.
Driving competitor advantage – The GDPR and investor relations
The survey found that some companies see their GDPR programs as a potential differentiator in the market. Among companies who believe they have finished their GDPR programmes, 38% have engaged their investor relations departments, an indicator that they hope to highlight early compliance to help drive competitive advantage. These companies should also look to extend this confidence out to their customers to strengthen customer trust in their business and also test their position in advance of the GDPR going live.
“The ‘compliance journey’ involves innumerable challenges and the task is complicated. Entities may find that they have difficult choices to make about their priorities moving forward. Making changes to ensure compliance with the GDPR will require considerable resource investments and lots of planning,” concludes Hayer.
Earth 2050: memory chips for kids, telepathy for adults
An astonishing set of predictions for the next 30 years includes a major challenge to the privacy of our thoughts.
Buy 2050, most kids may be fitted with the latest memory boosting implants, and adults will have replaced mobile devices with direct connectivity through brain implants, powered by thought.
These are some of the more dramatic forecasts in Earth 2050, an award-winning, interactive multimedia project that accumulates predictions about social and technological developments for the upcoming 30 years. The aim is to identify global challenges for humanity and possible ways of solving these challenges. The website was launched in 2017 to mark Kaspersky Lab’s 20th birthday. It comprises a rich variety of predictions and future scenarios, covering a wide range of topics.
Recently a number of new contributions have been added to the site. Among them Lord Martin Rees, the UK’s Astronomer Royal, Professor at Cambridge University and former President of the Royal Society; investor and entrepreneur Steven Hoffman, Peter Tatchell, human rights campaigner, along withDmitry Galov, security researcher and Alexey Malanov, malware analyst at Kaspersky Lab.
The new visions for 2050 consider, among other things:
- The replacement of mobile devices with direct connectivity through brain implants, powered by thought – able to upload skills and knowledge in return – and the impact of this on individual consciousness and privacy of thought.
- The ability to transform all life at the genetic level through gene editing.
- The potential impact of mistakes made by advanced machine-learning systems/AI.
- The demise of current political systems and the rise of ‘citizen governments’, where ordinary people are co-opted to approve legislation.
- The end of the techno-industrial age as the world runs out of fossil fuels, leading to economic and environmental devastation.
- The end of industrial-scale meat production, as most people become vegan and meat is cultured from biopsies taken from living, outdoor reared livestock.
The hypothetical prediction for 2050 from Dmitry Galov, security researcher at Kaspersky Lab is as follows: “By 2050, our knowledge of how the brain works, and our ability to enhance or repair it is so advanced that being able to remember everything and learn new things at an outrageous speed has become commonplace. Most kids are fitted with the latest memory boosting implants to support their learning and this makes education easier than it has ever been.
“Brain damage as a result of head injury is easily repaired; memory loss is no longer a medical condition, and people suffering from mental illnesses, such as depression, are quickly cured. The technologies that underpin this have existed in some form since the late 2010s. Memory implants are in fact a natural progression from the connected deep brain stimulation implants of 2018.
“But every technology has another side – a dark side. In 2050, the medical, social and economic impact of memory boosting implants are significant, but they are also vulnerable to exploitation and cyber-abuse. New threats that have appeared in the last decade include the mass manipulation of groups through implanted or erased memories of political events or conflicts, and even the creation of ‘human botnets’.
“These botnets connect people’s brains into a network of agents controlled and operated by cybercriminals, without the knowledge of the victims themselves. Repurposed cyberthreats from previous decades are targeting the memories of world leaders for cyber-espionage, as well as those of celebrities, ordinary people and businesses with the aim of memory theft, deletion of or ‘locking’ of memories (for example, in return for a ransom).
“This landscape is only possible because, in the late 2010s when the technologies began to evolve, the potential future security vulnerabilities were not considered a priority, and the various players: healthcare, security, policy makers and more, didn’t come together to understand and address future risks.”
For more information and the full suite of inspirational and thought-provoking predictions, visit Earth 2050.
SAFTA awards get first streaming video nominees
The 2019 nominations for The South African Film and Television Awards (SAFTAs) were announced late last week, and for the first time in the 13-year history of the awards, a TV series produced for a video-on-demand service was in contention. The result was a surprise boost to streaming service Showmax.
The comedy series Tali’s Wedding Diary, which premiered in December 2017, represented a major step for the then two-year old streaming service. It was the debut Showmax Original, the first time Showmax ventured into producing its own content. The gamble paid off, with the show becoming the most watched of any series on its first day on Showmax, and now Tali’s Wedding Diary has been further recognised with seven SAFTA nominations, making it this year’s most nominated comedy.
“When we first floated the idea of Tali’s Wedding Diary, we joked about winning awards,” says Candice Fangueiro, Showmax’s head of content. “At that point, just getting our first Showmax Original off the ground was already a major challenge and it was more than we could hope for to actually hit it out of the park. I was stunned when I heard the news about the nominations – it’s amazing to be considered in the same company as these other shows and thanks to this we’re already seeing a fresh spike in Tali views.”
Tali’s Wedding Diary was also a first for co-creator and star Julia Anastasopoulos, who until then was best known as YouTube star SuzelleDIY. “I am so thrilled about the SAFTA nominations for Tali’s Wedding Diary,” says Julia, who is up for Best Actress – TV Comedy and Best Achievement in Scriptwriting – TV Comedy, along with her husband Ari Kruger and Daniel Zimbler.
“It was such a big and daunting step to create a full TV comedy series and intro a brand-new character. I really didn’t know how it would be received and am so happy to have received such positive feedback for the show and the Tali Babes character, along with the nominations. It feels so good to be recognised for something we poured our hearts into. None of it would have been possible, of course, without the incredible hard work and vision of my husband Ari and the incredible team, cast and crew that were part of the show. And a huge thank you to Showmax of course for making it all possible. Congratulations and best of luck to the entire team and to all the other nominees.”
Tali’s Wedding Diary is a mockumentary that follows Tali, a self-obsessed Joburg princess who’s moved to Cape Town and is planning her wedding to property-agent fiancé Darren (Anton Taylor). The series was inspired by Julia’s own wedding to Ari, her SuzelleDIY and Tali’s Wedding Diary co-creator, who is also up for Best Achievement In Directing – TV Comedy.
In addition to Julia and Ari’s nominations, Tali’s Wedding Diary is up for Best TV Comedy, Art Direction (Keren Setton), Cinematography (James Adey), and Editing (Richard Starkey). Winners will be announced on 2 March 2019 at Sun City Superbowl.
Following the success of Tali’s Wedding Diary, the second Showmax Original, The Girl From St Agnes, was released earlier this month. A third Showmax Original, Trippin With Skhumba, is slated for release at the end of February.
“With three Showmax Originals now under our belt and more on the way, we’d like to think this is the start of many more SAFTA nominations for shows from a streaming service,” concludes Candice.
South African content currently on Showmax has 110 nominations and includes the most nominated movie (Five Fingers With Marseilles), telenovela (The River), drama (Lockdown) and soap (Isibaya), with more SAFTA nominees scheduled for the coming months.