24/7 National Hotline: 0860 163 272 | Email: info@neasa.co.za
POPIA: How China’s new privacy law will impact businesses in South Africa
POPI ACT
HOW CHINA’s NEW PRIVACY LAW WILL IMPACT BUSINESSES IN SOUTH AFRICA
by Chanté du Preez
Dear employer
One of the latest developments regarding global data protection, is the implementation of the Protection of Personal Information Act (POPIA) in South Africa, and the passing of the Personal Information Protection Law (PIPL) in the People’s Republic of China (‘China’).
PIPL was passed by the National People’s Congress on 20 August 2020 and is expected to come into force on 01 November 2021.
The purposes of PIPL are:
a) to protect personal information rights and interests;
b) to standardize personal information handling activities;
c) to safeguard the lawful, orderly, and free flow of personal information; and
d) to stimulate the reasonable use of personal information.
China’s new data privacy law calls for all foreign businesses to become PIPL-compliant when handling personal information of Chinese data subjects. This may introduce more challenges to foreign businesses who will have to determine how to exercise their own domestic data privacy laws, while also complying with the provisions of PIPL, in the hope of maintaining any trade relations they may have with China.
The common purpose between POPIA and PIPL, is that both pieces of legislation aim to protect the personal information and rights of data subjects, highlights the importance of having justified legal grounds for the processing of personal information, and provides guidance on how to process said personal information.
The key difference between the two is that PIPL allows for the processing of information (through stringent provisions) of its data subjects beyond its borders, whereas POPIA allows for the processing of data within South Africa. Although section 72 of POPIA makes provision for transfers of personal information of its data subjects outside of South Africa, the security around it is not as stringent as PIPL.
WHAT CAN SOUTH AFRICAN BUSINESSES DO TO ENSURE COMPLIANCE
As we await further clarity on the interpretation of certain PIPL provisions, South African businesses can, in the interim, do the following to prepare and ensure compliance:
- ensure that the business is compliant with POPIA and that an Information Officer is registered with the Information Regulator;
- engage with Chinese trading partners for guidance and advice, and gain interim insight on the practicality of the process on how to be PIPL compliant; and
- revisit and update any current trade contract terms between the business and Chinese trading partners, to ensure that all relevant POPIA and PIPL provisions are included.
South African businesses with Chinese trade relations are therefore encouraged to familiarise themselves with PIPL, and to ensure that they are compliant with all data privacy laws in both South Africa and China.
To read the press release regarding the impact of PIPL on South African businesses in terms of POPIA, please click here.
Chanté du Preez is an Assistant Policy Advisor at the National Employers’ Association of South Africa (NEASA).
For more information:
NEASA Media Department
media@neasa.co.za