SlideShare a Scribd company logo

Uchi data local presentation 2020

Christo W. Meyer
Christo W. Meyer

“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia

Law
1 of 15
Download to read offline
DATA LOCALISATION SOUTH AFRICA Presented by Christo W. Meyer Founder - Uchi Advisory LLC www.uchiadvidory.com
WHAT IS DATA LOCALISATION ? UCHI ADVISORY LLC “Data localisation or data residency law requires data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia 

WHY SOME SAY WE NEED DATA LOCALISATION ? A 2018 Brookings report on the importance of cross-border data flows discusses five reasons why governments want to localise data: Protection of citizens’ personal data; Access to data by law enforcement agencies; Ensuring national security; Advancing local economic competitiveness; and Levelling the regulatory playing field. Dealing with each of these objectives, the report concluded that data localisation measures actually could have a negative impact on some country’s economies and suggests other options should be investigated to achieve the above mentioned goals.
UCHI ADVISORY LLCSOME PRACTICAL CONCERNS Economic, Infra-Structure, and development concerns in smaller countries could prove to be problematic for the localisation of Data. For example, data centers require reliable infrastructure to keep the data secure in-country that many developing countries may not be able to ensure. Another problem could be that there is not sufficient incentive for the larger cloud server providers, the likes of AWS, Microsoft Azure, or Google Cloud, to invest in such a country as they did in countries like India or South Africa, where local data centers where built. This could result in financial services providers in developing countries being forced to look outside of their local jurisdiction to find a robust cloud computing solution to protect their data.
UCHI ADVISORY LLCDATA PROTECTION IN SOUTH AFRICA In South Africa, the Protection of Personal Information Act of 2013 (also referred to as the POPI Act or POPIA) only came officially into operation on 1 July 2020. This Act brings an end to the uncertainty surrounding dealing with personal information in South Africa. POPIA is essentially South Africa's equivalent to the EU's GDPR; although promulgated in 2013, only certain sections of the Act have been working since April 2014. Certain sections have been in effect from 1 July 2020. whilst other parts of the Act, will only be in effect from 30 June 2021. That means that even though the Act is in effect, we are still in a so-called one-year grace period, which will end on 1 July 2021. Currently, the Information Regulator published the final POPI Regulations and appointed various people to fill vacancies.
UCHI ADVISORY LLCDATA PROTECTION IN SOUTH AFRICA Only once POPI is fully in force data will officially be protected, and localisation rules will apply to its full extent. The purpose of this Act is to protect the "personal information" of the citizens of South Africa, which is obtained as well as processed by both public and private institutions. The Act also attempts to balance the constitutional right to privacy with other rights, for example, access to information. The POPIA recognises the right to privacy enshrined in the Constitution and gives effect to this right through mandatory procedures and mechanisms for the handling and processing of personal information. The POPI Act is in line with current international trends and laws on privacy. 'Processing' is widely defined.
WHAT IS PROCESSING ? Uchi Advisory LLC Processing involves any activity, operation or set off operations automatic or not in relation to personal information. It includes but are not limited to the: collection, receipt, recording, organising, collation, updating, modification, retrieval, alteration, use, storage, distribution, making available, dissemination, merging, linking, restriction, degradation erasure or destruction of personal information
UCHI ADVISORY LLCWHAT IS PERSONAL INFORMATION Personal information is a very broad term, but relates to any identifiable, natural, or legal entity and includes, but is not limited to: 
 Any identifiable number or symbol including email, location information, online identifier Being disabled (in case of a natural person) Private or confidential correspondence Biometric information  Demographic information – age, gender, race, date of birth, ethnicity, etc. Personal opinions and views of and about a person or group History – employment, financial information, medical history, criminal history as well as educational history 
 The POPI Act applies to every business or institution in South Africa, as well as an international company that does business in South Africa, that collects, uses, stores, or destroy personal information from a data subject, whether or not such processing is automatic.
UCHI ADVISORY LLC MAY PERSONAL INFORMATION BE SEND ABROAD? The short answer is yes it is possible, but there are restrictions and will depend on the laws of the country/ies to which the information is sent and where the information comes from. It is especially cloud-based systems that can cause problems with POPI. The electronic transmission and processing of data cross- countries have led to a concern that data protection legislation will simply be circumvented by the transfer of personal information to countries where data protection rules or regulations will not apply and where information will be processed and (miss)-used without any hindrance.
UCHI ADVISORY LLCCROSS BORDER DATA FLOWS POPIA prohibits the transfer of data across border and will only permits the transferring across borders under specific circumstances mentioned in section 72. In essence, the country where the information will be processed, or the recipient of the information, must be subject to rules or regulations effectively similar to the principles stated in POPIA. The above obligation can be fulfilled by means of legislation or a personal contractual relationship between the parties. For example, in countries where equivalent data protection rules or regulations exist, the parties can enter into an agreement, outlining the duties on the party processing or receiving the information in the country without data protection legislation, in line with the principles of POPIA. A party’s prior consent to a cross-border transfer of its personal information must also be obtained, unless it is not practicable to obtain such consent
WHAT ARE THE OBLIGATION OF BUSINESSES UNDER POPIA ? Uchi Advisory LLC 
 In short, the obligations include: to only collect information for a specific purpose; to ensure that the information is relevant and up to date; to have reasonable security measures in place to protect the information; to only keep the necessary information; and to allow the data subject to obtain or view his or her information on request.
WHAT ARE THE OBLIGATION OF BUSINESSES UNDER POPIA ? Uchi Advisory LLC 
 Accountability: The Business is accountable for complying with the principles contained in the Act. The business will be responsible from the time that the information is collected and/or processed to the time of its deletion. 
 Specific purpose: Personal information must only be collected for a specific and defined and lawful purpose, relation to a function or activity of the business. This information may also not be retained for longer than it is required unless it is lawful to do so. Processing restriction: The processing must be conducted lawfully, and only the minimum necessary personal information may be processed, and the information must not be excessive, given the purpose for which it is processed. 
 Further processing restrictions: The business is responsible for preventing the further processing of information in a manner that was not intended when the information was collected. This restriction attempts to limit any secondary use of personal information. This covers the eventuality where personal information of a third party is received and transferred to another responsible party for processing.
WHAT ARE THE OBLIGATION OF BUSINESSES UNDER POPIA ? Uchi Advisory LLC Transparency: The business needs to ensure that the data subject is aware of the various matter in relation to the collection and processing of information as well as to the purpose for which the information is collected and whether the information provided by the data subject is voluntary or mandatory. 
 Information Quality: The business must ensure and take reasonably practical steps that personal information is accurate, not misleading, and updated where necessary. 
 Security measures: The business must protect the integrity of the personal information in its possession and under its control. The business needs to identify all reasonably foreseeable internal and external risks to the date in its possession and control and ensure that measures are in place to prevent:  loss of, damage to or  the unauthorised access or destruction  of the personal information. 
 Data subject participation: A data subject has the rights to:  request an explanation of the personal information collected;  Request information about the recipients of personal information; and Request deletion or correction of the personal information
WHAT PENALTIES ARE THERE UNDER POPIA ? Uchi Advisory LLC The POPIA has strict regulations that every company must comply with and depending on the nature of the offense, businesses as well as individuals can be punished. Offenders can be fi ned up to R10 million and can even be jailed.
UCHI ADVISORY LLC To recap: Personal Information may only be transmitted across boarders from South Africa to a third party in a country which are subject to rules or regulations effectively similar to the principles stated in POPIA, either based on legislation or contractual agreement. Remember each business collecting personal information has 12 months (from 1 July 2020) to fully comply with this Act.

Recommended

Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeAfrican Open Science Platform
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationEndcode_org
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentationOvationsGroup
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Faidepro
 

Recommended

Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeAfrican Open Science Platform
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationEndcode_org
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentationOvationsGroup
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Faidepro
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013Myron Duncan Burton Betshanger
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
POPI
POPI POPI
POPI POPI ACT Protection of Personal Info
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINALImraan Kharwa
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)Extentia Information Technology
 
Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarLance Michalson
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill Mathew Chacko
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
POPI Update 2013
POPI Update 2013POPI Update 2013
POPI Update 2013Contact Centre Management Group
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMMyron Duncan Burton Betshanger
 
Opportunities and benefits of POPI
Opportunities and benefits of POPIOpportunities and benefits of POPI
Opportunities and benefits of POPIPOPI ACT Protection of Personal Info
 
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Werksmans Attorneys
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfDaviesParker
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfDaviesParker
 

More Related Content

What's hot

Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarLance Michalson
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill Mathew Chacko
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theftAmber Gupta
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Werksmans Attorneys
 

What's hot (20)

The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
 
POPI
POPI POPI
POPI
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminar
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
 
Personal data protection bill
Personal data protection bill Personal data protection bill
Personal data protection bill
 
Data Privacy in India and data theft
Data Privacy in India and data theftData Privacy in India and data theft
Data Privacy in India and data theft
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
POPI Update 2013
POPI Update 2013POPI Update 2013
POPI Update 2013
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCM
 
Opportunities and benefits of POPI
Opportunities and benefits of POPIOpportunities and benefits of POPI
Opportunities and benefits of POPI
 
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...
 

Similar to Uchi data local presentation 2020

Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfDaviesParker
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfDaviesParker
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing MindsetNetworkIQ
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018ProColombia
 
DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf
DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdfDIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf
DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdfDaviesParker
 
Privacy and Civil Liberties
Privacy and Civil LibertiesPrivacy and Civil Liberties
Privacy and Civil LibertiesUpekha Vandebona
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. dan hyde
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadEquiCorp Associates
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysiakhenghoe
 

Similar to Uchi data local presentation 2020 (20)

Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdf
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdf
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT works
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
1307 Privacy Act
1307 Privacy Act1307 Privacy Act
1307 Privacy Act
 
Data protection act
Data protection act Data protection act
Data protection act
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf
DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdfDIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf
DIGITAL-PERSONAL-DATA-PROTECTION-ACT-2023-WHITEPAPER.pdf
 
Privacy and Civil Liberties
Privacy and Civil LibertiesPrivacy and Civil Liberties
Privacy and Civil Liberties
 
GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR Whitepaper
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
 
Cognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdprCognizant business consulting the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
 
India's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road AheadIndia's Data Protection Law 2018- Future Road Ahead
India's Data Protection Law 2018- Future Road Ahead
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 

Recently uploaded

Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfssuser3e15612
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its historyprasannamurthy6
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Rich Bergeron
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxAnto Jebin
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21vasanthakumarsk17
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasBrandy Austin
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxBharatMunjal4
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSRoshniSingh312153
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxJFSB1
 
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseTown of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseRich Bergeron
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksFinlaw Associates
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Rich Bergeron
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxgurcharnsinghlecengl
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Centerejlfernandez22
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesChesley Lawyer
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in SalesMelvinPernez2
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsRich Bergeron
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.2020000445musaib
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxjennysansano2
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklosbeduinpower135
 

Recently uploaded (20)

Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdfWurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
Wurz Financial - Wealth Counsel to Law Firm Owners Services Guide.pdf
 
Labour legislations in India and its history
Labour legislations in India and its historyLabour legislations in India and its history
Labour legislations in India and its history
 
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
Town of Haverhill's Statement of Facts for Summary Judgment on Counterclaims ...
 
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptxSarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
Sarvesh Raj IPS - A Journey of Dedication and Leadership.pptx
 
Right to life and personal liberty under article 21
Right to life and personal liberty under article 21Right to life and personal liberty under article 21
Right to life and personal liberty under article 21
 
Choosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in TexasChoosing the Right Business Structure for Your Small Business in Texas
Choosing the Right Business Structure for Your Small Business in Texas
 
Grey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptxGrey Area of the Information Technology Act, 2000.pptx
Grey Area of the Information Technology Act, 2000.pptx
 
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTSTHE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
THE INDIAN CONTRACT ACT 1872 NOTES FOR STUDENTS
 
RA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptxRA. 7432 and RA 9994 Senior Citizen .pptx
RA. 7432 and RA 9994 Senior Citizen .pptx
 
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment CaseTown of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
Town of Haverhill's Summary Judgment Motion for Declaratory Judgment Case
 
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal FrameworksUnderstanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
Understanding Cyber Crime Litigation: Key Concepts and Legal Frameworks
 
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
Town of Haverhill's Statement of Material Facts For Declaratory Judgment Moti...
 
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptxThe Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
The Punjab Land Reforms AcT 1972 HIRDEBIR.pptx
 
PPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training CenterPPT Template - Federal Law Enforcement Training Center
PPT Template - Federal Law Enforcement Training Center
 
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los AngelesAre There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
Are There Any Alternatives To Jail Time For Sex Crime Convictions in Los Angeles
 
1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales1990-2004 Bar Questions and Answers in Sales
1990-2004 Bar Questions and Answers in Sales
 
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC CounterclaimsTown of Haverhill's Motion for Summary Judgment on DTC Counterclaims
Town of Haverhill's Motion for Summary Judgment on DTC Counterclaims
 
Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.Analysis on Law of Domicile under Private International laws.
Analysis on Law of Domicile under Private International laws.
 
Guide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docxGuide for Drug Education and Vice Control.docx
Guide for Drug Education and Vice Control.docx
 
Hungarian legislation made by Robert Miklos
Hungarian legislation made by Robert MiklosHungarian legislation made by Robert Miklos
Hungarian legislation made by Robert Miklos
 

Uchi data local presentation 2020

  • 1. DATA LOCALISATION SOUTH AFRICA Presented by Christo W. Meyer Founder - Uchi Advisory LLC www.uchiadvidory.com
  • 2. WHAT IS DATA LOCALISATION ? UCHI ADVISORY LLC “Data localisation or data residency law requires data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia 

  • 3. WHY SOME SAY WE NEED DATA LOCALISATION ? A 2018 Brookings report on the importance of cross-border data flows discusses five reasons why governments want to localise data: Protection of citizens’ personal data; Access to data by law enforcement agencies; Ensuring national security; Advancing local economic competitiveness; and Levelling the regulatory playing field. Dealing with each of these objectives, the report concluded that data localisation measures actually could have a negative impact on some country’s economies and suggests other options should be investigated to achieve the above mentioned goals.
  • 4. UCHI ADVISORY LLCSOME PRACTICAL CONCERNS Economic, Infra-Structure, and development concerns in smaller countries could prove to be problematic for the localisation of Data. For example, data centers require reliable infrastructure to keep the data secure in-country that many developing countries may not be able to ensure. Another problem could be that there is not sufficient incentive for the larger cloud server providers, the likes of AWS, Microsoft Azure, or Google Cloud, to invest in such a country as they did in countries like India or South Africa, where local data centers where built. This could result in financial services providers in developing countries being forced to look outside of their local jurisdiction to find a robust cloud computing solution to protect their data.
  • 5. UCHI ADVISORY LLCDATA PROTECTION IN SOUTH AFRICA In South Africa, the Protection of Personal Information Act of 2013 (also referred to as the POPI Act or POPIA) only came officially into operation on 1 July 2020. This Act brings an end to the uncertainty surrounding dealing with personal information in South Africa. POPIA is essentially South Africa's equivalent to the EU's GDPR; although promulgated in 2013, only certain sections of the Act have been working since April 2014. Certain sections have been in effect from 1 July 2020. whilst other parts of the Act, will only be in effect from 30 June 2021. That means that even though the Act is in effect, we are still in a so-called one-year grace period, which will end on 1 July 2021. Currently, the Information Regulator published the final POPI Regulations and appointed various people to fill vacancies.
  • 6. UCHI ADVISORY LLCDATA PROTECTION IN SOUTH AFRICA Only once POPI is fully in force data will officially be protected, and localisation rules will apply to its full extent. The purpose of this Act is to protect the "personal information" of the citizens of South Africa, which is obtained as well as processed by both public and private institutions. The Act also attempts to balance the constitutional right to privacy with other rights, for example, access to information. The POPIA recognises the right to privacy enshrined in the Constitution and gives effect to this right through mandatory procedures and mechanisms for the handling and processing of personal information. The POPI Act is in line with current international trends and laws on privacy. 'Processing' is widely defined.
  • 7. WHAT IS PROCESSING ? Uchi Advisory LLC Processing involves any activity, operation or set off operations automatic or not in relation to personal information. It includes but are not limited to the: collection, receipt, recording, organising, collation, updating, modification, retrieval, alteration, use, storage, distribution, making available, dissemination, merging, linking, restriction, degradation erasure or destruction of personal information
  • 8. UCHI ADVISORY LLCWHAT IS PERSONAL INFORMATION Personal information is a very broad term, but relates to any identifiable, natural, or legal entity and includes, but is not limited to: 
 Any identifiable number or symbol including email, location information, online identifier Being disabled (in case of a natural person) Private or confidential correspondence Biometric information  Demographic information – age, gender, race, date of birth, ethnicity, etc. Personal opinions and views of and about a person or group History – employment, financial information, medical history, criminal history as well as educational history 
 The POPI Act applies to every business or institution in South Africa, as well as an international company that does business in South Africa, that collects, uses, stores, or destroy personal information from a data subject, whether or not such processing is automatic.
  • 9. UCHI ADVISORY LLC MAY PERSONAL INFORMATION BE SEND ABROAD? The short answer is yes it is possible, but there are restrictions and will depend on the laws of the country/ies to which the information is sent and where the information comes from. It is especially cloud-based systems that can cause problems with POPI. The electronic transmission and processing of data cross- countries have led to a concern that data protection legislation will simply be circumvented by the transfer of personal information to countries where data protection rules or regulations will not apply and where information will be processed and (miss)-used without any hindrance.
  • 10. UCHI ADVISORY LLCCROSS BORDER DATA FLOWS POPIA prohibits the transfer of data across border and will only permits the transferring across borders under specific circumstances mentioned in section 72. In essence, the country where the information will be processed, or the recipient of the information, must be subject to rules or regulations effectively similar to the principles stated in POPIA. The above obligation can be fulfilled by means of legislation or a personal contractual relationship between the parties. For example, in countries where equivalent data protection rules or regulations exist, the parties can enter into an agreement, outlining the duties on the party processing or receiving the information in the country without data protection legislation, in line with the principles of POPIA. A party’s prior consent to a cross-border transfer of its personal information must also be obtained, unless it is not practicable to obtain such consent
  • 11. WHAT ARE THE OBLIGATION OF BUSINESSES UNDER POPIA ? Uchi Advisory LLC 
 In short, the obligations include: to only collect information for a specific purpose; to ensure that the information is relevant and up to date; to have reasonable security measures in place to protect the information; to only keep the necessary information; and to allow the data subject to obtain or view his or her information on request.
  • 12. WHAT ARE THE OBLIGATION OF BUSINESSES UNDER POPIA ? Uchi Advisory LLC 
 Accountability: The Business is accountable for complying with the principles contained in the Act. The business will be responsible from the time that the information is collected and/or processed to the time of its deletion. 
 Specific purpose: Personal information must only be collected for a specific and defined and lawful purpose, relation to a function or activity of the business. This information may also not be retained for longer than it is required unless it is lawful to do so. Processing restriction: The processing must be conducted lawfully, and only the minimum necessary personal information may be processed, and the information must not be excessive, given the purpose for which it is processed. 
 Further processing restrictions: The business is responsible for preventing the further processing of information in a manner that was not intended when the information was collected. This restriction attempts to limit any secondary use of personal information. This covers the eventuality where personal information of a third party is received and transferred to another responsible party for processing.
  • 13. WHAT ARE THE OBLIGATION OF BUSINESSES UNDER POPIA ? Uchi Advisory LLC Transparency: The business needs to ensure that the data subject is aware of the various matter in relation to the collection and processing of information as well as to the purpose for which the information is collected and whether the information provided by the data subject is voluntary or mandatory. 
 Information Quality: The business must ensure and take reasonably practical steps that personal information is accurate, not misleading, and updated where necessary. 
 Security measures: The business must protect the integrity of the personal information in its possession and under its control. The business needs to identify all reasonably foreseeable internal and external risks to the date in its possession and control and ensure that measures are in place to prevent:  loss of, damage to or  the unauthorised access or destruction  of the personal information. 
 Data subject participation: A data subject has the rights to:  request an explanation of the personal information collected;  Request information about the recipients of personal information; and Request deletion or correction of the personal information
  • 14. WHAT PENALTIES ARE THERE UNDER POPIA ? Uchi Advisory LLC The POPIA has strict regulations that every company must comply with and depending on the nature of the offense, businesses as well as individuals can be punished. Offenders can be fi ned up to R10 million and can even be jailed.
  • 15. UCHI ADVISORY LLC To recap: Personal Information may only be transmitted across boarders from South Africa to a third party in a country which are subject to rules or regulations effectively similar to the principles stated in POPIA, either based on legislation or contractual agreement. Remember each business collecting personal information has 12 months (from 1 July 2020) to fully comply with this Act.