What is GDPR?

The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018. These will harmonize data protection laws across the EU and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services.

You may need to comply with the GDPR if your organization:

  • Have an establishment in the EU (regardless of whether they process personal data in the EU), or
  • Do not have an establishment in the EU, but offer goods and services or monitor the behavior of individuals in the EU

Who does the GDPR apply to?

The GDPR applies to the data processing activities of businesses, regardless of size, that are data processors or controllers with an establishment in the EU. Generally speaking, a controller says how and why personal data is processed and a processor acts on behalf of the controller. Where a business has ‘an establishment’ in the EU, activities of the business that involve processing personal data will need to comply with the GDPR, regardless of whether the data is actually processed in the EU.

The GDPR also applies to the data processing activities of processors and controllers outside the EU, regardless of size, where the processing activities are related to:

  • Offering goods or services to individuals in the EU (irrespective of whether a payment is required)
  • Monitoring the behavior of individuals in the EU, where that behavior takes place in the EU

How SMTP Africa can help with GDPR Compliance

SMTP Africa has the resources to help you achieve GDPR compliance. We can assist you by conducting the following;

GDPR preliminary gap assessment

  • Assist with implementing appropriate technical and organizational measures, including data protection policies, to ensure and be able to demonstrate that processing complies with the GDPR
  • Ongoing monitoring and assurance