What are data laws and why do they affect everyone?

In many ways information is the currency of the 21st century. There is a massive global industry that profits greatly from the sale of information that fundamentally does not belong to them. In 2019, Facebook received a $5,000,000,000 fine for the misuse of information (approx. R70 billion) in the largest settlement of its kind. Here is an interesting article on more gigantic GDPR fines dished out over the last couple of years. It is not just the potential impact on a business to receive such a large fine, and it doesn't just damage their reputation including client and trader trust, but it can be completely detrimental and even potentially life-threatening to the person/s that have their sensitive personal or financial information stolen.

Data laws have been implemented in many countries in an effort to hold responsible people and companies who are reckless with information belonging to others, often by cutting security corners in order to save running costs and maximise profits at the cost of others. As a business, we stand strongly against that kind of recklessness and work with our clients to complete a holistic process review both online and off, to secure their clients and business information generally.

Internationally, data laws apply also to the import and export of information across borders and one must consider this when collecting, processing and storing data. We recommend watching this video from SASLAW and Futcher & Poppesqou Attorneys for a lot of useful information on the subject: https://youtu.be/1keNbibmxC8

@myfingertips specialises in the responsible collection, administration and processing of information between data subjects and responsible parties. We most often achieve this by building a point-to-point information processing system which negates the need to export, copy or distribute information needlessly, optimising efficiency and auditable reporting in the process.

POPIA:

In South Africa, the Information Regulator (IR) is like the 'SARS of information'. Where SARS governs the compliance of financial administration and tax laws, the IR governs the compliance of responsible information administration and data laws. https://www.justice.gov.za/inforeg/

It is important to protect your information from hackers, identity thieves and fraudsters. Unfortunately one is not always in control of how others use their information, especially online, even when providing that information willingly, and for the specific purpose advertised. Data laws around the world define the parameters and limitations by which certain types of information can and cannot be used across the full data supply chain in many ways.

In South Africa we have two seemingly ambiguous data laws; The Promotion of Access to Information Act of 2000 which relates to the purposes by which someone needs to have access to someone else's information, and the Protection of Personal Information Act of 2013 relating to the protection of personal information. The laws are synergistic in nature working in balance like yin and yang and like all laws are fundamentally based on The Constitution of South Africa and are therefore easy to understand as they are really about respect for others, their property, dignity and freedom of choice.

GDPR:

What is the GDPR? Europe’s new data privacy and security law includes hundreds of pages’ worth of new requirements for organizations around the world. This GDPR overview will help you understand the law and determine what parts of it apply to you.

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).

We created this website to serve as a resource for SME owners and managers to address specific challenges they may face. While it is not a substitute for legal advice, it may help you to understand where to focus your GDPR compliance efforts. We also offer tips on privacy tools and how to mitigate risks. As the GDPR continues to be interpreted, we’ll keep you up to date on evolving best practices.

If you’ve found this page — “what is the GDPR?” — chances are you’re looking for a crash course. Maybe you haven’t even found the document itself yet (tip: here’s the full regulation). Maybe you don’t have time to read the whole thing. This page is for you. In this article, we try to demystify the GDPR and, we hope, make it less overwhelming for SMEs concerned about GDPR compliance.

More information at: https://gdpr.eu/what-is-gdpr/