SA companies doing business with EU customers need to consider making changes to their data privacy and oversight processes to conform to new regulations being implemented next year.
South African companies doing business with European Union (EU) customers need to consider making changes to their data privacy, technology and oversight processes in the wake of new privacy rules. On 25 May 2018 new privacy rules formed by the EU will be implemented. The General Data Protection Regulation (GDPR) will replace the Data Protection Directive 95/46/EC.
The new rules will apply to the ‘processing’ of ‘personal data’ by “controllers” and “processors” based in the EU, as well as those located outside of the EU if they provide services and goods to EU customers. The GDPR will also apply to all organisations processing and holding personal data of subjects residing within the EU.
“The GDPR will impact many South African and other organisations across the African continent,” Busisiwe Mathe, Risk Assurance Cyber and Privacy leader, PwC Southern Africa says. “Businesses that do not comply with the GDPR face a potential of up to 4% fine of global revenues, increasing the need for organisations to plan for and implement necessary changes to demonstrate good in the eyes of individuals and regulators.”
South African organisations are awaiting the Protection of Personal Information Act (POPIA). The POPIA is likely to be fully enacted in South Africa in early 2019 and comments on POPIA draft regulations closed on 7 November 2017.
Once POPIA is fully enacted, responsible parties and operators in South Africa, processing personal information will have to comply with POPIA as well as potentially having to comply with the GDPR. The GDPR was introduced by the EU more than a year ago and organisations have been given less than two years to comply with them.
POPIA is South Africa’s first piece of comprehensive data protection legislation. It aims to give effect to the constitutional right to privacy by introducing measures whereby personal information processed by organisations is fair, responsible and conducted in a secure manner.
Mathe adds: “Compliance with POPIA will be a challenge for many organisations. The POPIA compliance journey will require organisations to consider many features within their organisation and strategic vision.” The GDPR and POPIA have many commonalities but also a number of differences, one of the most significant being that POPIA includes “juristic” (business) entities in the definition of personal information – this will significantly increase the scope of personal information and provide additional challenges to comply with POPIA.
“After May next year, EU companies that deal with SA can only do so if POPIA is in place or if the SA companies can satisfy their EU partner that they have adequate rules and policies in place regarding data protection.”
Rav Hayer, Financial Services GDPR Lead, PwC UK adds: “Organisations will have to provide clarity on how customer data is collected and stored. Any breaches of data must be communicated within 72 hours to the responsible regulator, wherever the breech occurred and the subjects reside. ”
The GDPR penalties can be up to 4% of an organisation’s global annual turnover whereas POPIA has a maximum R10 million fine or time behind bars. GDPR penalties are much higher than POPIA. The GDPR penalties stand to hurt companies more financially than POPIA if they ignore them. The reputational damage and loss of customer trust are however important business imperatives to comply with POPIA regardless of the significantly lower fines.
In a recent survey conducted by PwC, nearly all of the respondents (92%) considered compliance with the GDPR a top priority on their data-privacy and security agenda in 2017 – with over half of respondents saying it is “the” top priority and 38% saying it is “among” top priorities. The GDPR Preparedness Pulse Survey examines preparedness and why companies are willing to spend $1 million or more on GDPR readiness plans.
PwC surveyed 300 Chief Privacy Officer, Chief Information Officers, General Counsels, Chief Compliance Officers, and CEOs in US, UK, and Japanese companies about their GDPR programmes.
Only 8% of UK companies have finished all their preparations compared to 22% of US companies. “This is likely to be because the US‘s data privacy regulation is currently a lot more stringent than the UK. In the past the ICO hasn’t been as firm as US regulators as our data privacy law isn’t currently enforceable,” Hayer adds.
While many organisations have already begun this process with a range of compliance efforts, many are still in the assessment phase. But despite their status in preparing to comply with the new regulations, most US Companies are already planning to invest in GDPR. According to survey respondents, over three in four (77%) companies plan to allocate $1 million or more on GDPR readiness and compliance efforts – with 68% saying they will invest between $1 million and $10 million and 9% expecting to spend over $10 million to address GDPR obligations.
Survey results also found that information security enhancement is a top GDPR initiative. While much of the discussion has focused on the law’s privacy-centric requirements, information-security obligations figure prominently in GDPR plans of US companies. Among the 71% who have begun GDPR preparation, the most-cited initiatives in flight are information security, privacy policies, GDPR gap assessment and data discovery.
What should you focus on if you haven’t started your GDPR programme?
PwC found that 5% of UK companies have not started preparing for the GDPR. With less than seven (7) months until the compliance deadline, these organisations risk regulator fines, litigation costs, and lost contract opportunities.
The biggest risk for organisations is likely to be third parties, so it is essential that organisations check that their third party contracts are GDPR compliant, Hayer comments.
How much can organisations expect to spend on their GDPR programme?
Of those companies that have completed their GDPR programme, 40% of US, UK and Japan reported spending more than $10 million. The pattern of increased spending was consistent regardless of company size.
Driving competitor advantage – The GDPR and investor relations
The survey found that some companies see their GDPR programs as a potential differentiator in the market. Among companies who believe they have finished their GDPR programmes, 38% have engaged their investor relations departments, an indicator that they hope to highlight early compliance to help drive competitive advantage. These companies should also look to extend this confidence out to their customers to strengthen customer trust in their business and also test their position in advance of the GDPR going live.
“The ‘compliance journey’ involves innumerable challenges and the task is complicated. Entities may find that they have difficult choices to make about their priorities moving forward. Making changes to ensure compliance with the GDPR will require considerable resource investments and lots of planning,” concludes Hayer.
Now download a bank account
Absa has introduced an end-to-end account opening for new customers, through the Absa Banking App, which can be downloaded from the Android and Apple app stores. This follows the launch of the world first ChatBanking on WhatsApp service.
This “download your account” feature enables new customers to Absa, to open a Cheque account, order their card and start transacting on the Absa Banking App, all within minutes, from anywhere and at any time, by downloading it from the App stores.
“Overall, this new capability is not only expected to enhance the customer’s digital experience, but we expect to leverage this in our branches, bringing digital experiences to the branch environment and making it easier for our customers to join and bank with us regardless of where they may be,” says Aupa Monyatsi, Managing Executive for Virtual Channels at Absa Retail & Business Banking.
“With this innovation comes the need to ensure that the security of our customers is at the heart of our digital experience, this is why the digital onboarding experience for this feature includes a high-quality facial matching check with the Department of Home Affairs to verify the customer’s identity, ensuring that we have the most up to date information of our clients. Security is supremely important for us.”
The new version of the Absa Banking App is now available in the Apple and Android App stores, and anyone with a South African ID can become an Absa customer, by following these simple steps:
- Download the Absa App
- Choose the account you would like to open
- Tell us who you are
- To keep you safe, we will verify your cell phone number
- Take a selfie, and we will do facial matching with the Department of Home Affairs to confirm you are who you say you are
- Tell us where you live
- Let us know what you do for a living and your income
- Click Apply.
How we use phones to avoid human contact
A recent study by Kaspersky Lab has found that 75% of people pick up their connected device to avoid conversing with another human being.
Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much-needed comfort blanket in a variety of social situations when they do not want to interact with others. A recent survey from Kaspersky Lab has confirmed this trend in behaviour after three-quarters of people (75%) admitted they use a device to pretend to be busy when they don’t want to talk to someone else, showing the importance of keeping connected devices protected under all circumstances.
Imagine you’ve arrived at a bar and you’re waiting for your date. The bar is busy, and people are chatting all around you. What do you do now? Strike up a conversation with someone you don’t know? Grab your phone from your pocket or handbag until your date arrives to keep yourself busy? Why talk to humans or even make eye-contact with someone else when you can stare at your connected device instead?
The truth is, our use of devices is making it much easier to avoid small talk or even be polite to those around us, and new Kaspersky Lab research has found that 72% of people use one when they do not know what to do in a social situation. They are also the ‘go-to’ distraction for people even when they aren’t trying to look busy or avoid someone’s eye. 46% of people admit to using a device just to kill time every day and 44% use it as a daily distraction.
In addition to just being a distraction, devices are also a lifeline to those who would rather not talk directly to another person in day-to-day situations, to complete essential tasks. In fact, nearly a third (31%) of people would prefer to carry out tasks such as ordering a taxi or finding directions to where they need to go via a website and an app, because they find it an easier experience than speaking with another person.
Whether they are helping us avoid direct contact or filling a void in our daily lives, our constant reliance on devices has become a cause for panic when they become unusable. A third (34%) of people worry that they will not be able to entertain themselves if they cannot access a connected device. 12% are even concerned that they won’t be able to pretend to be busy if their device is out of action.
Dmitry Aleshin, VP for Product Marketing, Kaspersky Lab said, “The reliance on connected devices is impacting us in more ways than we could have ever expected. There is no doubt that being connected gives us the freedom to make modern life easier, but devices are also vital to help people get through different and difficult social situations. No matter what your ‘connection crutch’ is, it is essential to make sure your device is online and available when you need it most.”
To ensure your device lifeline is always there and in top health – no matter what the reason or situation – Kaspersky Security Cloud keeps your connection safe and secure:
· I want to use my device while waiting for a friend – is it secure to access the bar’s Wi-Fi?
With Kaspersky Security Cloud, devices are protected against network threats, even if the user needs to use insecure public Wi-Fi hotspots. This is done through transferring data via an encrypted channel to ensure personal data safety, so users’ devices are protected on any connection.
· Oh no! I’m bored but my phone’s battery is getting low – what am I going to do?
Users can track their battery level thanks to a countdown of how many minutes are left until their device shuts down in the Kaspersky Security Cloud interface. There is also a wide-range of portable power supplies available to keep device batteries charged while on-the-go.
· I’ve lost my phone! How will I keep myself entertained now?
Should the unthinkable happen and you lose or have your phone stolen, Kaspersky Security Cloud can track and protect your device from data breaches, for complete peace of mind. Remote lock and locate features ensure your device remains secure until you are reunited.