The EU General Data Protection Regulation (GDPR) will have consequences for financial services organisations in Africa and non-compliance will expose those organisations to substantial fines and possible damage to reputation. Companies doing business in Africa should assess how the GDPR will affect their business models and data processing practices. In addition, South Africas Protection of Personal Information Act, 2013 (POPIA) also will come into effect this year. The two, however, vary in some instances. The GDPR deals with a subjects right to data probability, while the POPIA does not, and it also requires data controllers to conduct data protection impact assessments, which is not required under POPIA. Similarities include the assignment of a Responsible Party, the right to erasure and the right to restriction of processing.