The EUs General Data Protection Regulation (GDPR) presents a timely opportunity, particularly for regional trade blocs such as the Common Market for Eastern and Southern Africa (COMESA), to develop a framework for consumer data protection that is specific to the Africa region and its citizen, and safeguards trade with other countries and regions.
Importantly, as evidenced by the increasing number of countries globally aligning their data protection frameworks with the EU, the GDPR is currently deemed to be the global regulatory ‘gold standard’ for the protection of personal data of consumers. Essentially, countries with adequate data protection frameworks, and hence the ability to transfer data internationally, will have a distinct advantage in their ability to crowd in investment and advance trade with large consumer markets. As more countries align with the EU on the importance of protecting consumer data in an increasingly global digital economy, rules on the cross-border transfer of data are likely to become stricter. Countries that do not have adequate levels of data protection face significant risks.
The absence of existing data protection frameworks and the lack of supporting services presents a significant challenge for most African countries. With no African country currently deemed to be compliant with the GDPR, its introduction risks disrupting the USD 14 billion in annual exports from Africa’s digital economy to the EU. As the GDPR does not allow for partial compliance, countries will need to be deemed adequately compliant by the European Commission to protect their export industries.
The push to achieve adequate compliance with the GDPR at a national level is testament to the importance that governments place on applying a duty of care to citizens and organisations within their territory, as well protecting their national economic interest.
The GDPR comes into effect on 25 May 2018 and the pathway to achieving the required standard of adequate personal data protection is lengthy and complex. Countries within COMESA need to evaluate their legislative and enforcement frameworks as a priority. Where discrepancies arise, there is still time to engage the EU on alternative strategies or approaches.
In addition to defining the standard of consumer data protection in Africa, compliance with the GDPR is an opportunity for African countries to establish and strengthen strategic partnerships with the EU. Aligning on policy matters is often an important step towards fostering deeper relationships with large regional blocs, such as the EU.