Skip to content

A comparison of compliance with data privacy requirements in two countries

Research output: Chapter in Book/Report/Conference proceedingConference contribution

  • Adéle Da Veiga
  • Ruthea Vorster
  • Dr Fudong Li
  • Nathan Clarke
  • Steven Furnell

In the United Kingdom (UK), the Data Protection Act (DPA) has been in force since 1998, whereas South African (SA) organisations are preparing for compliance with the Protection of Personal Information Act (POPIA). The objective of this research is to compare aspects of data protection compliance between the UK and SA to establish if a country that has had data protection in place for a longer period of time has a higher level of compliance with data protection requirements in an online context compared to a country that is preparing for compliance, using the results to make recommendations for non-compliance aspects. To fulfil the research objective, an insurance industry multi-case study was conducted. Similar data privacy requirements from the DPA and POPIA were selected for the multi-case study and as such, consent for direct marketing, secure processing of personal information (PI), privacy policies and sharing of PI collected via websites were evaluated. For each country, PI of four created consumer profiles was deposited to 10 insurance company websites in each country to evaluate the requirements. The results showed that some of the websites did not honor the selected opt-out preferences as direct marketing material was sent to the SA and UK consumer profiles. Forty two unsolicited third party contacts were received by the SA consumer profiles indicating unconsented distribution of PI in SA. In comparison, no unsolicited contacts were received by any of the UK profiles. The results demonstrate that the UK, being regarded as a jurisdiction with a heavy stance towards privacy implementation and regulation, is more compliant than SA in terms of implementation of the evaluated data protection requirements included in the scope of this study. SA insurance organisations should ensure that the noncompliance aspects are addressed and can learn from the manner in which the UK insurance organisations implement the privacy requirements. Furthermore, the UK insurance organisations should focus on improved compliance for direct marking to aid with compliance to the DPA and upcoming General Data Protection Act.

Original languageEnglish
Title of host publicationProceedings of ECIS 2018
PublisherUniversity of Portsmouth
ISBN (Electronic)9781861376671
Publication statusPublished - 28 Jun 2018
Event26th European Conference on Information Systems - Portsmouth, United Kingdom
Duration: 23 Jun 201828 Jun 2018


Conference26th European Conference on Information Systems
Abbreviated titleECIS 2018
CountryUnited Kingdom


Related information

Relations Get citation (various referencing formats)

ID: 13177437