25th May 2018 saw the European Union (EU) enforcement of the General Data Protection Regulation (GDPR).

Aimed at consolidating existing data privacy laws across Europe, GDPR is designed to regulate how data can be collated and the purpose of use, by giving individuals greater autonomy on how their personal information can be stored and processed.

Unlike its predecessor, the 1995 Data Protection Directive, the scope of GDPR is wider reaching and its applicability extends beyond the EU, as organisations right down to individuals that fall within the remit of being "controllers" or "processors" of the personal data of EU subjects are accountable under GDPR. As such, failure to comply with obligations under GDPR could see guilty parties imposed fines of up to €20million or 4% of their annual global turnover (whichever is greater).

In the face of a rapidly evolving technological landscape, GDPR comes at a timely juncture. With the recent controversy surrounding the misuse of personal data from firms like Facebook and Cambridge Analytica, an understanding of the benefits of streamlining state data regulations in line with GDPR standards has triggered a global wave of alignment, but where does Africa stand?

Currently, only 17 countries in Africa have regulatory standards pertaining to data protection and Africa still lags significantly behind the rest of the world in the existence of substantial data privacy frameworks and services. This lack of compliance is particularly dangerous for investors looking to break into the EU or its digital economy and take advantage of a market with over 500 million consumers, and as GDPR requires that companies be fully compliant, this becomes another barrier to trade between the EU and Africa.

With the EU making up for over 41% of Africa's exports, there is much to be gained from a continental push for the alignment of data protection in Africa with GDPR.

The creation of a comprehensive set of rules that govern data privacy laws and define the interaction between data users and owners can work in two-fold to benefit both end users.

For individuals, it ensures greater transparency and accountability from governments and companies. This is particularly important in instances where the sanctity of the democratic process is called into question as the allegations of fixed elections in Nigeria and Kenya by Cambridge Analytica have shown.

For investors, the policy implications of a move towards compliance sees the establishment of a stronger and deeper strategic partnership between Africa and the EU. As such, an active participation in restructuring data privacy laws is the right move towards an Africa that seeks to remain engaged within the EU trade market.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.