The GDPR (General Data Protection Regulation) deadline is less than a week away. We’re committed to being compliant. Given that Zimbabwe is now open for business, companies need to consider how GDPR will (not might) affect them.
What exactly is the GDPR?
The General Data Protection Regulation is a new privacy regulation passed by the EU Parliament that sets very strict guidelines on handling users’ private data (and very hefty fines for companies). The regulation defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’)”.
The GDPR has been in a two-year transition period and will be enforced on May 25, 2018. So that means we have 3 days to go. I am therefore seriously worried about the silence, especially from Zimbabwean IT consultancy companies, media and IT groups like the Computer Society.
This is an EU regulation, so why should I be worried?
Despite being a European Union regulation, the GDPR has far-reaching implications for any business that has a global presence. GDPR impacts any business, EU-based or not, that has EU users or customers (this is where Zimbabwe comes in).
If your company offers goods or services to individuals in the European Union (EU) or monitors their behaviours there, it will most likely need to comply.
Tourism companies (Hotels) in Zimbabwe and their need to comply with GDPR.
In my opinion, the Tourism Industry is the most affected industry.
Although the new rules will impact any organisation that processes personal data, the hotel industry will easily be affected for the following reasons:
- Hotels obtain high volumes of personal data for guests (names, passport numbers, dates of birth, e-mail addresses).
- They receive personal data from many sources, such as third-party booking systems and corporate websites.
- They operate CCTV systems.
- They conduct profiling activities of customers.
Given that the regulation clearly affects firms not located in the EU that process personal data of and/or provide services to EU residents, Zimbabwean hotels will be affected.
Penalties
There will be two levels of fines under the GDPR. The first is up to €10 million or 2% of the company’s global annual turnover of the previous financial year, whichever is higher. The second is up to €20 million or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.
These amounts can make most Zimbabwean companies go broke. All the more reason why we need to take this GDPR issue seriously.
In my next instalment, I will share how companies (I will use hotels as examples) can ensure compliance.
About Author
Fibion Chibengwa is a Certified Ethical Hacker (CEH), a Certified Information Systems Security Professional (CISSP), a Certified Information Security Manager (CISM) and a Certified Information Systems Auditor (CISA). He writes in his own capacity.
9 comments
Great article
That’s all you can say
Lol, nice one!!
Most people haven’t even heard of GDPR yet, not only in Zim but in the US and Asia too.
I think the fines are unreasonable, especially for companies outside of the EU. It’s fine to police the EU, but trying to police the whole world with EU regulation? That’s just too much, and I wonder if it’s even legally doable?
I’m sure people will rather turn away EU customers than pay to overhaul their company to comply with GDPR, especially because of a small percentage European customer base.
Are most companies in Zim even affected? I do not think our marketers are at that level yet where they use internet usage trends to study behaviour trends and patterns. Just my opinion.
Good article. Keep on keeping on, guys.
This is trouble now, waiting for the next article.
Noted. What’s the way forward, guys?
Agree with Reggie.
By the way please make an app for techzim.