1. Introduction
  2. What is the GDPR?
  3. The aim of GDPR
  4. How will GDPR affect your business?
  5. What consequences does a company face, if not adhering to the GDPR regulations?
  6. How to protect your company from being fined?
  7. Email consent and website consent
  8. Conclusion
  1. Introduction

Namibia is an important partner to the EU with regard to good governance, and plays an important and influential role as a voice in Southern Africa. [1] Namibia's government has been successful in reinforcing the foundation of a new nation by gradually putting in place the elements of an inclusive, democratic society with respect for human rights and the rule of law.

The protection of data, in an increasingly data-driven world, has become one of the most discussed topics of the last few years. We send mails and documents, pay bills and purchase goods, entering personal data and details on a daily basis without a second thought. What happens to this data that we, as consumers, so openly and freely give out? Should we not fear that our right to privacy is violated when freely handing out this information? Hence, there is a need to protect the data of every individual person, customer and client.

In short, this paper will focus on the protection of the privacy of individuals in terms of their constitutional rights, both in the local and the international sphere. Further focus will be placed on the important role that Namibian companies play in protecting the data of customers, and the impact that disregarding this protection can have on your business.

  2. What is GDPR?

The General Data Protection Regulation, in short GDPR, is an ambitious 21st-century legal framework which requires all enterprises to protect the personal data and privacy of EU citizens for transactions that occur within the EU member states and outside the borders of the EU. The policy incorporates the privacy and data protection of consumers in a global setting. On 25 May 2018, the policy came into action and was accepted globally. What this entails is that any business that collects, stores and processes private data of EU citizens, for the purpose of trade in either goods or services, will have to apply the policy, regardless of location. Companies located within Namibia that trade with EU citizens will have to abide by the rules of the newly transcribed GDPR.

  3. The aim of GDPR

In a nutshell, [2] the main aim of GDPR is to regulate how personal data is collected, stored and used. It increases the protection of privacy and the protection against data breaches in an increasingly data-driven world. As mentioned above, GDPR not only impacts businesses trading within the borders of Europe, but also impacts businesses in a global sphere that offer products or services to EU citizens. Global companies such as Amazon, Facebook and Google have already signed the GDPR.

As a trade partner, Namibia mainly exports products to the Netherlands, Spain and the United Kingdom. If these companies handle their trade mainly via the internet, they will be required to adhere to the GDPR policy.

  4. How does it impact your business?

In an ever-increasing global and data-driven market, Namibian companies can only flourish if they have the trust of their consumers. This trust is instilled in the consumer when he or she knows that his or her data is protected and not violated.

If we shift our focus to the Namibian Constitution, specifically Chapter 3, Article 13, we see that it incorporates the protection of privacy of every citizen of Namibia. [3] Article 13(1) reads as follows: no person shall be subject to interference with the privacy of their homes, correspondence or communication save in accordance with law and as is necessary in the interest of national security.

Article 13 of the Constitution lays the foundation for the protection of privacy, specifically the protection of communication of every citizen of Namibia.

This means that even Namibian citizens have the right to have their data protected against violation by Namibian companies.

Any Namibian company that engages in trade with EU citizens on an online forum, system or business structure will have to follow the guidelines as set down in the GDPR.

In terms of [4] Chapter 21, Article 144 of the Namibian Constitution, Namibia is obliged to follow international public law and international agreements, as these form part of the law of Namibia.

Article 144 obliges the Namibian Government to follow and adhere to international agreements such as the GDPR and to implement them on a national basis.

[5] The biggest change that the new GDPR policy encapsulates is the so-called “extra-territorial applicability” principle. What this entails is that GDPR extends the jurisdiction of governments across borders. Businesses or organizations located outside the EU borders and trading online will be affected by this regulation.

How will extra-territorial applicability affect Namibian companies? Any non-EU-based company that collects, processes and stores data of any European citizen will be affected by GDPR.

  5. What are the consequences of not adhering to GDPR?

Under the new GDPR policy, companies or organizations that breach the regulations can face steep penalties. [6] The maximum penalty a company can face is either 4% of annual turnover or €20 million, whichever is the greater amount. However, this penalty will only be imposed for the most serious infringements of the regulation, namely not having sufficient consent from the consumer or employee to process private individual data, or violating the core of Privacy by Design concepts.

[7] There is a tiered approach to fining companies. For example, a company may be fined 2% for not having records in order in terms of Article 28, not notifying the supervising authority and data subject about a breach, or not conducting impact assessments. Note that these rules apply to both the controller and the processor.

  6. How to protect your company from being fined?

What must a company do to protect itself against the steep penalties, if transgressing the GDPR?

6.1: Consent

  • Receive consent from the consumer or customer, with whom your company is interacting.
  • Consent forms have been strengthened and companies will no longer be able to use lengthy illegible terms and conditions full of legalese.
  • Consent must be clear and distinguishable.
  • Consent must be easily accessible and set out in clear and concise language.

6.2: Forgetting data

  • If consumers are no longer customers, or if they withdraw their consent from a company to use their data, then they have a right to have their data deleted.
  • Erasing data should not be delayed by the data controller of the company. [8](Article 17 of GDPR)
  • The controller will have the sole responsibility to have the data of a consumer erased when that consumer no longer wishes to be a consumer of the company.

6.3: Employing a Data Controller

  • Every company trading outside EU borders with EU citizens will be required to hire a data controller.
  • The data controller is in charge of managing how data is collected, stored and used by the company.

6.4: Consequences of data breaching

  • In case of a data breach, the Data Protection Officers will have to report the breach within 72 hours to their respective supervisors.
  • Details should contain the nature of the breach, the categories and approximate number of individuals impacted and contact information of the Data Protection Officer.

  7. Examples of GDPR on website

  8. Conclusion

In today’s data-driven world, the need to protect individual, private data is of utmost importance. Protecting data instils trust in consumers and employees, which has a positive effect on the business trading with such customers or employees.

Customers will more freely assist businesses with their private information if they know that the data will not be violated. This, in turn, instils trust in the businesses, knowing that the data provided is of the highest quality, as it is provided by the individual himself or herself. This allows your marketing team to utilize this data more effectively.

It further allows your business to trim the fat of unnecessary data collected and stored in your business, freeing up unnecessarily used space on your business servers. This, in turn, saves you the cost of buying a new server.

All in all, GDPR is a positive regulation, implemented to assist and protect your business against the steep fines that could be handed down if it is not implemented correctly.

[1]

[2]

[3] Constitution of the Republic of Namibia

[4] Constitution of the Republic of Namibia

[5]

[6] (penalty cluster)

[7] (penalty cluster)

[8]