This is a Guest Post and does not necessarily reflect the thoughts and opinions of Techzim. We have a strong filtering process of what makes it to our blog and are confident that you’ll enjoy the article below.
The GDPR (General Data Protection Regulation) deadline is less than a week away. We’re committed to being compliant. Given that Zimbabwe is now open for business, companies need to consider how GDPR will (not might) affect them.
What exactly is the GDPR?
The General Data Protection Regulation is a new privacy regulation passed by the EU Parliament that provides very strict guidelines (and very hefty fines to companies) on handling users’ private data. The regulation defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’)”.
The GDPR has been in a two-year transition period and will be enforced on May 25, 2018. So that means we have 3 days to go. I am therefore seriously worried about the silence, especially from Zimbabwean IT consultancy companies, media and IT groups like the Computer Society.
This is an EU regulation, so why should I be worried?
Despite being a European Union regulation, the GDPR has far-reaching implications for any business that has a global presence. GDPR impacts any business, EU-based or not, that has EU users or customers (this is where Zimbabwe comes in).
If your company offers goods or services to individuals in the European Union (EU) or monitors their behaviours there, it will most likely need to comply.
Tourism companies (Hotels) in Zimbabwe and their need to comply with GDPR.
In my opinion, the Tourism Industry is the most affected industry.
Although the new rules will impact any organisation that processes personal data, the hotel industry will readily be affected for the following reasons:
- Hotels obtain high volumes of personal data for guests (names, passport numbers, dates of birth, e-mail addresses).
- They receive personal data from many sources, such as third-party booking systems and corporate websites.
- They operate CCTV systems.
- They conduct profiling activities of customers.
Given that the regulation clearly affects firms not located in the EU that process personal data of, and/or provide services to, EU residents, Zimbabwean hotels will be affected.
There will be two levels of fines based on the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.
These amounts can make most Zimbabwean companies go broke. All the more reason why we need to take this GDPR issue seriously.
In my next instalment, I will share how companies (I will use hotels as examples) can ensure compliance.
Fibion Chibengwa is a Certified Ethical Hacker (CEH), a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM) and a Certified Information Systems Auditor (CISA). He writes in his own capacity.