Websites and apps like WhatsApp, Instagram and Snapchat are already changing their T’s and C’s and notifying users as they seek to comply with the GDPR directive. Before you see how these policy updates affect Zimbabwean companies, let’s see what GDPR is all about.
What is GDPR?
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. While GDPR is good news for the data privacy of individuals in the EU, investors may be irritated by these changes.
WhatsApp, for instance, has decided to cut off under-16s from its services altogether, and Snapchat, another app with a youthful user base, is following suit. This significantly reduces the number of users on these platforms.
Who will GDPR specifically affect?
Beyond Europe, GDPR will apply to any business whose data processing relates to the offering of goods and services to EU-based people or the monitoring of their online behavior, even if it does not have a business presence within the EU. Specific criteria for companies required to comply are:
- A presence in an EU country.
- No presence in the EU, but it processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional or includes certain types of sensitive personal data. That effectively means almost all companies.
What constitutes personal data?
Personal data is any information related to a natural person that can be used to directly or indirectly identify the person.
It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data.
Why does GDPR even exist?
In a nutshell, it exists because of public concern over privacy. Europe, in general, has long had more stringent rules around how companies use the personal data of its citizens.
Of course, an EU-based company or multinational corporation that does business in the EU is expected to comply with the GDPR. But what about Zimbabwean companies that have no direct business operations in any one of the 28 member states of the European Union? Do they have anything to worry about?
Zimbabwean companies without a physical presence in an EU country collect most of the personal data belonging to EU data subjects over the Web.
Many websites in Zimbabwe collect this kind of data through newsletters and sign-ups, and can be affected by the GDPR directive.
Customer engagement will be hard under the GDPR directive. The conditions for obtaining consent are stricter as the individual must have the right to withdraw consent at any time.
This means you have to be able to prove that the individual agreed to a certain action, such as receiving a newsletter. This changes a lot of things for companies, such as the way your sales teams prospect or the way that marketing activities are managed.
Zimbabwe-based hospitality and travel companies, banks and stockbrokers will certainly have to take a closer look at their online marketing practices. Also, companies with a strong Web presence, like us at Techzim, should be paying attention and changing practices now.
When does your company need to be in compliance?
Companies must be able to show compliance by May 25, 2018.