"People will have to adapt to the situation"

“It is important that we align our laws to international standards.” The General Data Protection Regulations (GDPR) will come into force on the 25th of May 2018, and Mauritian companies will have to comply with this European Union regulation. Therefore, the Data Protection Office (DPO) has come up with a new law to align our existing Data Protection Act with the GDPR as well as the European Convention for Protection of Individuals with regard to Automatic Processing of Personal Data, commonly known as Convention 108.

“Our businesses will have to implement the GDPR, and if we have the ‘Adequacy Status’, things will be easier. There is no reason why we should not succeed, although we don’t know how much time the EU will take to give us this status. In the meantime, the new Data Protection Bill has been recently adopted by Parliament,” says Drudeisha Madhub, our Data Protection Commissioner, during the seminar organized by BDO IT on ‘EU General Data Protection Regulation’ on Wednesday. The seminar also saw the keynote address of Dr Peter Tobin, a Data Privacy & Compliance Expert (interview to be published next week). Drudeisha Madhub tells us more about the new Data Protection Bill, and the implications of the EU regulation for Mauritian companies



>> What fundamental changes have been brought to the existing Data Protection Act to align it with the new EU General Data Protection Regulation?   

There are so many changes! The new Data Protection Bill is going to reinforce the existing framework in Mauritius. It will provide more rights to our citizens in terms of the protection of their personal information, and bringing more obligations to controllers and processors with regard to the data that they hold about citizens. This is the main gist of the legislation. The new law is going to be adopted by proclamation, and that will depend on presidential assent. Once the President of the Republic does this, the law will come into force. But it’s definitely going to be before May 2018.


>> You talked about the “Adequacy Status” to be given by the European Union. What does it imply?

The next step for Mauritius is to seek the ‘Adequacy Status’ with the European Union. Adequacy is a procedure whereby Mauritius will be recognized as a safe country with regard to the protection of personal data and there will be no barrier between European investors and local ones.


>> What are your observations regarding the Mauritian companies? Are they ready for the GDPR, or some kind of confusion and worry still prevail?

Everything takes time, but I think with the new Mauritian law, and the GDPR, people will have to adapt to the situation and it’s not going to be that difficult. We are coming with guidelines and we will sensitize people on the aspects that they don’t understand. There is not going to be any confusion because the GDPR is being applied to all companies. They are already following the GDPR rules. So, it’s not a new rule for them. All sectors in Mauritius are covered by the GDPR. Almost everybody deals with personal information. We have to be prepared.



“Le GDPR peut être à la fois une opportunité et une menace”


















Avec l’entrée en vigueur en mai 2018 du règlement général de l’Union européenne sur la protection des données (GDPR), BDO IT Consulting a organisé, le mercredi 13 décembre, un séminaire durant lequel un aperçu de la législation européenne GDPR et des mesures à prendre pour se conformer à cette nouvelle législation ont été présentés.

 Le GDPR, qui va donner de manière inédite - depuis 20 ans - une nouvelle dimension à la législation sur la vie privée, a des implications sur les entreprises opérant dans l’Union Européenne, ainsi que sur les entreprises basées à l’extérieur de l’Union européenne, comme l’île  Maurice, qui traitent également  des informations personnelles de résidents européens.

« Le GDPR peut être à la fois une opportunité et une menace », déclare Feizal Jownally, partenaire chez BDO IT Consulting. « Les entreprises qui réussiront leur mise en conformité pourront renforcer leur position concurrentielle et leur réputation, tandis que les organisations qui ne répondront pas aux exigences rigoureuses de la législation courront  le risque de subir des impacts négatifs importants ».

La loi mauricienne sur la protection des données a également été modifiée et elle s’alignera sur la législation européenne. « Il est impératif que toutes les entreprises, qui traitent et conservent des données personnelles, ou qui effectuent du marketing direct par voie électronique, tels que le courrier électronique et les SMS, soient pleinement conscients des implications des nouvelles législations relatives à la confidentialité des données », a-t-il laissé entendre.


Pour plus d'info: Lecture en ligne Télécharger