South Africa and Mauritius
22 April - 06 May 2021
Meet the regulators in South Africa and Mauritius requiring companies to comply with their data privacy laws.
South Africa and Mauritius are two of only three countries in Africa’s Top 10 (ranked according to GDP per capita) with data privacy laws and a specialised Data Protection Authority to enforce them. This session will enable you to understand and to comply with the most significant privacy law issues for companies doing business in these jurisdictions.
- Drudeisha Madhub, Data Protection Commissioner, Mauritius
- Professor Sizwe Snail ka Mtuze, Member of South Africa’s Information Regulator
- Lebogang Stroom-Nzama, Advocate, Member of South Africa’s Information Regulator
Chair: Stewart Dresner, Chief Executive, Privacy Laws & Business
South Africa has a right to privacy in the Constitution. It adopted the Protection of Personal Information Act (POPIA) in 2013, and ratified the African Convention on Human Rights in 2014. South Africa is now “counting down the grace period” until the POPIA enters fully into force on 1st July this year. The Information Regulator’s aim is for companies operating in South Africa to use the next few months to review their operations against international best practice. The Information Regulator’s overall perspective has been explained by Professor Sizwe Snail ka Mtuze as “what is good for Europe is good for Africa also.”
Mauritius has a well-developed Data Protection Act, updated in 2017, and has signed the Council of Europe Convention 108 and its additional protocol in 2016, the second non-European country to do so after Uruguay. Mauritius ratified the Council of Europe Convention and its additional protocol on 4 September 2020 making it the first African country to do so. Now the government has applied for EU adequacy status. The context is that Mauritius is a popular place for outsourcing back office functions by companies, such as Accenture, PWC, EY, BDO, Apple and Marriott.
This event qualifies for 1 CPE Credit
- Differences most relevant for companies between the two national data privacy laws and the EU General Data Protection Regulation
- How the regulators educate the business community
- Typical complaints regarding companies
- How the regulators investigate complaints by individuals and enforce the law regarding companies
- Examples of cases which have required, or might in the future, require an appeal to a judicial proceeding
- How the data privacy law is being implemented by multinational companies operating in and conducting outsourcing to South Africa and Mauritius and common issues which need attention
- Links between the data privacy regulators and other regulatory authorities in each country
- Links between the data privacy regulators and other data privacy regulators in Africa, and in other regions of the world.
In addition, there are specific issues for each country.