Introduction

In the era of the internet, users’ life can be digitized, tracked and logged; every picture, and
every heartbeat are collected and traded by companies and governments. The EU’s General
Data Protection Regulation (GDPR) - European Parliament and Council Regulation No
2016/679, is described as the biggest shake up in data protection laws in a generation giving
ordinary people unprecedented control over the information companies hold on them. Having
entered into effect on 25 May 2018, GDPR brought massive data protection rules and the
EU’s previous legal framework that dates back to 1995.
While retaining the overall regulatory approach of its predecessor, the GDPR also introduces
a number of new compliance obligations, including higher sanctions than those available
under the previous framework [CITATION Pie19 \l 2057 ]. The GDPR regulations cover
things that identify service users such as the names, contact details, computer location
information, personal data such as race, sex orientation. Organizations are now required to
prove reasons for holding that kind of data and even more importantly, show that they are
keeping it safe. The regulations apply to all companies and organizations operating with in
the EU or outside the EU but serving EU citizens and holding EU citizens’ data. Thus, the
regulation has immense impact around the world.

Justification
The digital economy is expected to add 1.1 % to the European Union’s annual economic
growth and to boost GDP by over 14 percent by 2030. That implies an extra €2 trillion of
GDP by 2030. Europe relies on overseas companies for most of its digital life[ CITATION
Emm20 \l 2057 ]. This presents EU as the potential market for digital and data-based services
for technology start-ups and companies from the developing economies.
A basic understanding of the end goals of the GDPR and how its geared towards achieving
the regulatory goals set can help innovators and entrepreneurs understand what compliance
tasks will become necessary and consequences of noncompliance.
With the increasing reliance of businesses on data mining techniques to improve business
performance, user data has become the gold of the 21 st century. The importance of data
protection and compliant research has become apparent: the lack of compliance will
inevitably lead to problems with conducting business in/with the European Union.
Background
The ability to move data freely across borders supports a growing range of economic activity
and international trade. Data flows are the basis for potentially transformative developments,
ranging from additive manufacturing, which could change trade in goods into trade in design,
to cloud computing, which is already changing trade in IT products into trade in computer
services. Big data analytics, which rely on data gathered from across jurisdictions, are
revolutionizing industries from banking and insurance to health and retail, and supporting the
development of artificial intelligence[CITATION Aad18 \l 2057 ].
However, international data flows are raising concerns. The provision online of search,
communication, health, education, retail and financial services relies on, or could lead to, the
collection of personal data. The global nature of the internet means that such data can be
quickly and easily transferred to third parties in other jurisdictions. This transfer can
undermine domestic privacy goals when the personal data of citizens flows to jurisdictions
which do not offer them comparable levels of privacy protection[ CITATION Aad18 \l 2057 ].
This concern can prompt domestic regulators to limit the free flow of data across borders.
While many data-driven businesses have seen rapid growth in recent years, their development
might be highly contingent upon data protection regulation, in response to the dramatic
growth of international data flows, the EU implemented the world’s most legally
comprehensive data protection regime. In April 2016, the European Parliament adopted the
GDPR, replacing its outdated Data Protection Directive, enacted in 1995, a directive allows
for each of the twenty-eight members of the EU to adopt and customize the law to the needs
of its citizens, whereas a regulation requires its full adoption with no leeway by all 27
countries second. In this instance, the GDPR requires all 27 countries of the EU to comply.
The General Data Protection Regulation is a legal framework that requires businesses to
protect the personal data and privacy of European Union (EU) citizens for transactions that
occur within EU member states. It covers all companies that deal with the data of EU
citizens, specifically banks, insurance companies, and other financial companies. Since its
inception, several companies and websites have had to recalibrate their privacy policies and
the way customer data is collected.
Under the GDPR, data can only be transferred outside of the EU under certain conditions.
The primary condition allowing for data transfer requires the European Commission to first
find that the third country receiving the personal data provides an adequate level of
protection. GDPR allows the European Commission to make an adequacy determination with
respect to a single territory or particular sectors within a third country. This enabled the EU
and US to reach the EU-US Privacy Shield, serving as an adequacy determination only
applying to specific economic sectors in the US[ CITATION Gay21 \l 2057 ]. Advanced
economies like the US and others can afford and are able to take the steps needed to conform
with the EU’s privacy standards.
However, the case is quite different with developing economies. The GDPR confronts
developing countries with a dilemma. If they seek an adequacy determination, then they must
enact a national privacy law essentially equivalent to that of the EU. Argentina, Uruguay, and
a few other countries have chosen to do so.[ CITATION Gay21 \l 2057 ]. However, a national
law imposes the same data protection standard on all firms in the country, regardless of
whether they sell exclusively at home or also abroad. This uniform and stringent standard
could have adverse effects on developing businesses who operate solely in developing
markets. Companies often claim that stricter data protection regulation puts them at a
disadvantage in relation to firms in countries with laxer regulation[ CITATION Wal21 \l 2057 ]
and as such stifle competition.
Governments in those developing countries attempting to adopt data protection legislation are
having problems modelling their data protection regimes, though most opt for an approach
consistent with the EU Directive [ CITATION Uni16 \l 2057 ] . Common challenges such as the
length of time it takes to pass legislation, financial costs associated with implementing and
enforcing a data protection regime, and a lack of public and private sector knowledge and
cooperation among governmental entities regulating in parallel. In some countries, a lack of
understanding and fear within society can also exacerbate one or more of the aforementioned
difficulties.
The African Union adopted in June 2014 a Convention on Cyber-security and Personal Data
protection, but as of June 2017, only Senegal had ratified its commitment. The Economic
Community of West African States (ECOWAS), through the ECOWAS Supplementary Act
A/SA.1/01/10 on data protection, has seen the establishment of a data protection authority in
seven of its member states. The. As of June 2017, only Senegal had ratified its
commitment.24 The Economic Community of West African States (ECOWAS), through the
ECOWAS Supplementary Act A/SA.1/01/10 on data protection, has seen the establishment
of a data protection authority in seven of its member states[ CITATION Wor17 \l 2057 ].
As of November 2017, the EU announced a Euro 44 billion fund towards its External
Investment Plan (EIP) for of sustainable investment for Africa. With this increased business
investments in Africa by the European Union through Economic Partnership Agreements
(EPAs), adherence to the GDPR by African entities will likely determine whether they attract
or retain more European business partners. Besides, the pressure to adhere will be prevalent
among those entities which frequently interact with EU subjects’ data[CITATION CIP18 \l
2057 ].
Objectives
The research seeks to achieve its general objective of the effect of European General Data
Protection Regulation on the African eco system following specific objectives;
1. Define the key aspects of the GDPR
2. Define the risks for developing economies when they do not provide for GDPR
3. Analysis on the European GDPR has impact on the African eco system
4. Provide recommendations options of navigating the GDPR

Research Questions
The research will ask the following questions;
i. What are the key concepts of GDPR?
ii. How are developing economies addressing the issue of data privacy?
iii. How aligned are the data protection policies in developing economies with GDPR?
iv. What impact does European GDPR have on the African eco system?
v. What options are available for navigating the GDPR?

Research Methodology
The research will be based on the analysis of data protection legislations enacted by several
developing countries and economic blocs, reports of the trade volume between the EU and
developing economies, analysis of the GDPR related cases, studies of how the developed
economies responded to GDPR and relate with the developing world.
The period of consideration will be between 2014 to 2020

Research Timeline
Research section Duration
1. Title 1 week
2. Introduction
 3. Justification 1 week
4. Background 1 week
5. Objectives
6. Research Questions and or Hypothesis 1 week
7. Research Methodology 1 week
8. Data analysis interpretations and discussions 1 week
9. Summary conclusion and recommendations 1 week
10 Reviewing work for final submission 1 week
.

References
Amiot, E. (2020). European Digital Sovereignty Syncing; Values And Value. Oliver Wyman-A
Marsh & McLennan Company.

CIPESA. (2018). Challenges and Prospects of the General Data Protection Regulation (GDPR)
in Africa. CIPESA ICT.

Foundation, W. w. (July 2017). A smart web for a more equal future; A series focused on
identifying the challenges and opportunities ahead and ways to address them. NW,
Suite 500, Washington DC 20005, USA: World Wide Web Foundation.

Gay, C. (2021, April 10). The GDPR’s Effect on Transatlantic Relations. Retrieved from
University of Chicago law school International Program Papers:
https://chicagounbound.uchicago.edu/international_immersion_program_papers/

Mattoo, A. (May 2018). International Data Flows and Privacy; The Conflict and Its
Resolution.

Monda, C. F. (2019). Fundamentals of Clinical Data Science. (P. Kubben, Ed.) Cham,
Switzerland: Springer imprint.

United Nations. (2016). Data protection regulations and international data flows:
Implications for trade and development. New York and Geneva: UNITED NATIONS
PUBLICATION.

Wallace, N. &. (2021, 04 10). The impact of the EU’s new data protection. Retrieved from
https://datainnovation.org: https://datainnovation.org/2018/03/the-impact-of-the-
eus-new-data-protection-regulation-on-ai/