SA companies doing business with EU customers need to consider making changes to their data privacy and oversight processes to conform to new regulations being implemented next year.
South African companies doing business with European Union (EU) customers need to consider making changes to their data privacy, technology and oversight processes in the wake of new privacy rules. On 25 May 2018 new privacy rules formed by the EU will be implemented. The General Data Protection Regulation (GDPR) will replace the Data Protection Directive 95/46/EC.
The new rules will apply to the ‘processing’ of ‘personal data’ by “controllers” and “processors” based in the EU, as well as those located outside of the EU if they provide services and goods to EU customers. The GDPR will also apply to all organisations processing and holding personal data of subjects residing within the EU.
“The GDPR will impact many South African and other organisations across the African continent,” Busisiwe Mathe, Risk Assurance Cyber and Privacy leader, PwC Southern Africa says. “Businesses that do not comply with the GDPR face a potential of up to 4% fine of global revenues, increasing the need for organisations to plan for and implement necessary changes to demonstrate good in the eyes of individuals and regulators.”
South African organisations are awaiting the Protection of Personal Information Act (POPIA). The POPIA is likely to be fully enacted in South Africa in early 2019 and comments on POPIA draft regulations closed on 7 November 2017.
Once POPIA is fully enacted, responsible parties and operators in South Africa, processing personal information will have to comply with POPIA as well as potentially having to comply with the GDPR. The GDPR was introduced by the EU more than a year ago and organisations have been given less than two years to comply with them.
POPIA is South Africa’s first piece of comprehensive data protection legislation. It aims to give effect to the constitutional right to privacy by introducing measures whereby personal information processed by organisations is fair, responsible and conducted in a secure manner.
Mathe adds: “Compliance with POPIA will be a challenge for many organisations. The POPIA compliance journey will require organisations to consider many features within their organisation and strategic vision.” The GDPR and POPIA have many commonalities but also a number of differences, one of the most significant being that POPIA includes “juristic” (business) entities in the definition of personal information – this will significantly increase the scope of personal information and provide additional challenges to comply with POPIA.
“After May next year, EU companies that deal with SA can only do so if POPIA is in place or if the SA companies can satisfy their EU partner that they have adequate rules and policies in place regarding data protection.”
Rav Hayer, Financial Services GDPR Lead, PwC UK adds: “Organisations will have to provide clarity on how customer data is collected and stored. Any breaches of data must be communicated within 72 hours to the responsible regulator, wherever the breech occurred and the subjects reside. ”
The GDPR penalties can be up to 4% of an organisation’s global annual turnover whereas POPIA has a maximum R10 million fine or time behind bars. GDPR penalties are much higher than POPIA. The GDPR penalties stand to hurt companies more financially than POPIA if they ignore them. The reputational damage and loss of customer trust are however important business imperatives to comply with POPIA regardless of the significantly lower fines.
In a recent survey conducted by PwC, nearly all of the respondents (92%) considered compliance with the GDPR a top priority on their data-privacy and security agenda in 2017 – with over half of respondents saying it is “the” top priority and 38% saying it is “among” top priorities. The GDPR Preparedness Pulse Survey examines preparedness and why companies are willing to spend $1 million or more on GDPR readiness plans.
PwC surveyed 300 Chief Privacy Officer, Chief Information Officers, General Counsels, Chief Compliance Officers, and CEOs in US, UK, and Japanese companies about their GDPR programmes.
Only 8% of UK companies have finished all their preparations compared to 22% of US companies. “This is likely to be because the US‘s data privacy regulation is currently a lot more stringent than the UK. In the past the ICO hasn’t been as firm as US regulators as our data privacy law isn’t currently enforceable,” Hayer adds.
While many organisations have already begun this process with a range of compliance efforts, many are still in the assessment phase. But despite their status in preparing to comply with the new regulations, most US Companies are already planning to invest in GDPR. According to survey respondents, over three in four (77%) companies plan to allocate $1 million or more on GDPR readiness and compliance efforts – with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.
Survey results also found that information security enhancement is a top GDPR initiative. While much of the discussion has focused on the law’s privacy-centric requirements, information-security obligations figure prominently in GDPR plans of US companies. Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
What should you focus on if you haven’t started your GDPR programme?
PwC found that 5% of UK companies have not started preparing for the GDPR. With less than seven (7) months until the compliance deadline, these organisations risk regulator fines, litigation costs, and lost contract opportunities.
The biggest risk for organisations is likely to be third parties, so it is essential that organisations check that their third party contracts are GDPR compliant, Hayer comments.
How much can organisations expect to spend on their GDPR programme?
Of those companies that have completed their GDPR programme, 40% of US, UK and Japan reported spending more than $10 million. The pattern of increased spending was consistent regardless of company size.
Driving competitor advantage – The GDPR and investor relations
The survey found that some companies see their GDPR programs as a potential differentiator in the market. Among companies who believe they have finished their GDPR programmes, 38% have engaged their investor relations departments, an indicator that they hope to highlight early compliance to help drive competitive advantage. These companies should also look to extend this confidence out to their customers to strengthen customer trust in their business and also test their position in advance of the GDPR going live.
“The ‘compliance journey’ involves innumerable challenges and the task is complicated. Entities may find that they have difficult choices to make about their priorities moving forward. Making changes to ensure compliance with the GDPR will require considerable resource investments and lots of planning,” concludes Hayer.
Deezer to host Hotstix’s Mandela tribute playlist
Deezer is celebrating Nelson Mandela on the centenary of his birthday by hosting a tribute playlist created by music legend Sipho “Hotstix” Mabuse.
Mabuse, a legendary figure in African music, first rose to prominence in the 1970s with his band Harari and later developed a name for himself as a solo artist. One of his best known songs was the global hit BurnOut in the 1980s.
The playlist takes the listener on a captivating musical journey through the life of Nelson Mandela. It was compiled by Mabuse, who consulted with Mandela’s family and friends to ensure that the music would be relevant and accurate. The playlist also features commentary by Mabuse, which was recorded in his Soweto home.
“I have tried to tell the story of the music that Madiba loved,” says Mabuse. “The Playlist excludes the time in prison obviously, as Madiba would not have had exposure to music in that time. We have focused on the music we know he loved before and after that period. This recording was really an emotional journey for me, but an incredible opportunity to document these memories.”
The playlist features the music the young Mandela loved, such as The Manhattan Brothers, Solomon Linda, Brenda Fassie and Miriam Makeba. It includes struggle songs from Chicco, Johnny Clegg, Hugh Masekela and Yvonne Chaka Chaka. The playlist also includes Mandela by Zahara, one of the younger artists who caught Madiba’s ear.
Mabuse also offers stories of his own songs, such as Shikisha, a song greatly beloved by the former President.
“I was delighted to share my thoughts and hope the listeners enjoyed the musical journey,” says Mabuse. “Madiba did enjoy music immensely and we all have a purpose wherever we are in the world to celebrate culture and to learn from different cultures and music forms and styles.”
This playlist was inspired by the Nelson Mandela 100 campaign, calling on corporates and individuals to act as sources of inspiration and engage in conversation and action.
Sports streaming takes off
Live streaming of sports is coming of age as a mainstream method of viewing big games, as the latest FIFA World Cup figures from the UK show. Africa isn’t yet at the same level when it comes to the adoption of sports streaming, but usage is clearly moving in the right direction.
England’s World Cup quarter-final against Sweden was watched by just under 20 million viewers in the UK via BBC One. While this traditional broadcast audience was huge, it was streaming that broke records: the game was the BBC’s most popular online-viewed live programme ever, with 3.8 million views. In Africa, the absolute numbers are lower but the trend towards streaming major sports events on the continent is also well under way.
According to DStv, live streaming of sports dominates the usage figures for its live and recorded TV streaming app, DStv Now. The number of people using the app in June was five times higher than a year ago, with concurrent views peaking during major football and rugby games.
Since the start of the World Cup, average weekday usage of DStv Now is up 60%. The absolute peak in concurrent usage for one event was reached on 26 June, during the Nigeria vs Argentina game. The app’s biggest ever test was on 16 June with both Springbok Rugby and World Cup Football under way at the same time, resulting in concurrent in-app views seven times higher than the peaks seen in June last year.
The World Cup has also been a major reason for new users to download and try out the app. First-time app user volumes have tripled on Android and doubled on iOS since the start of the tournament.
“While we expected live sports streaming to take off, it’s also been pleasing to see that the app is really popular for watching shows on Catch Up,” says MultiChoice South Africa Chief Operating Officer Mark Rayner. “Interestingly, some of the most popular Catch Up shows are local, with Isibaya, Binnelanders, The Queen and The River all getting a significant number of views.”
With respect to app usage, the web and Android apps are the most popular way to watch DStv Now, with Android outpacing iOS by a factor of 2:1.
“We’re continuing to develop DStv Now, with 4k streaming in testing and smart TV and Apple TV apps on their way shortly,” says Rayner. “The other key priority for us is working with the telcos to deliver mobile data propositions that make watching online painless and worry-free for our customers.”
The DStv Now app is free to all 10 million DStv customers in Africa. The app streams DStv live channels as well as supplying an extended Catch Up library. Two separate streams can be watched on different devices simultaneously, and content can also be downloaded to smartphones and tablets. The content available on the app varies according to the DStv package subscribed to.