Data privacy, defined by Tech target is a discipline intended to keep data safe against improper access, theft or loss. One of the triads of cybersecurity is confidentiality and this has to do with data privacy. The world has become a global village and data privacy issues are now more relevant than they ever were before.
In 2009, a popular brand in America had a serious breach of its systems. For 18 months, hackers had access to the brand’s data and were able to get customers credit card details and personally identifiable information undetected. How did this happen? and how can you make sure that this doesn’t happen to your organization? The answer is simple, you need to pay attention to data privacy. As long as your business collects personal identifiable information, your business has a duty to protect the confidentiality of the people who have given you that information.
Sometimes, the obligation to protect data is beyond a moral right. In Europe for example, you have the GDPR (General Data Protection Regulation), in America you have applicable laws like Health Insurance Portability and Accountability Act of 1996 (HIPAA) which demand data privacy. In Nigeria, privacy rights draw from the Constitution of the Federal Republic of Nigeria (1999) (as amended) and can also be found in the Nigerian Data Protection Regulation, 2019.
All these laws show you that as a business owner, you are not only expected to protect data, you are under an obligation by law in some cases to protect certain types of data. The question is, how do you protect data and ensure that the privacy rights of your customers are respected?
- Employ a CISO: You should consider employing a Chief Information Security Officer (CISO) if your organization is large, who would be in charge of formulating policies to protect data privacy as well as other valuable data in your organization. Actions like these can prevent competitors from getting valuable data from your company, ensure your company complies with relevant laws on data privacy and thus win customers’ confidence in your brand.
- Implement good information security policies and procedures: You would also need to create good policies on information security. Ensure documents with sensitive data on customers are password protected, ensure that firewalls and anti-malware software are installed to fight off malicious cyber-attacks aimed at stealing customer data and create trainings for staff handling sensitive data.
- Don’t collect data you don’t need: Where you don’t need to collect customer data, don’t do it. Only ask customers to give you the information relevant to the service you are providing for them.
- Don’t keep data longer than you need it: Where you don’t need data anymore, and no law requires that you keep it, destroy it. Where a customer has indicated that they want their account deleted, or they don’t want to share their data with your company anymore, ensure that the data is destroyed.
- Properly destroy data that is no longer useful to you: The same way you receive data through a process, you need to understand that destroying data is also a process. Data is not destroyed simply because you put it in the recycle bin and deleted it from the recycle bin. Ensure that data is properly destroyed when it’s no longer useful.
At the end of the day, data privacy is important for businesses in the world today. I hope these tips would help you choose to take steps to protect your customers data in every part of your business and ensure the data privacy rights of your customers are respected.
Article by: Morenike George-Taylor CDMP, County Support Director & Data Governance Expert
Kenya: Country-by-country reporting thresholds introduced from 1 January 2023
Tax image credit: Getty
The Kenyan Government, in its latest Finance Act 2022, has enacted some key changes in the area of direct tax, including an important update on the country-by-country (CbC) reporting threshold for multinational companies.
What is country-by-country reporting?
Corporates and connected persons, such as groups of companies and multinational entities (MNEs) usually face complex compliance risks. To address the potential gaps and mismatches in various tax systems globally, the Organization for Economic Co-operation and Development (OECD) introduced Action 13 CbC reporting as part of its Base Erosion and Profit Shifting (BEPS) Action Plan. Under BEPS Action 13, MNEs are required to prepare a CbC report with aggregate data on the allocation of income, profit, taxes paid and economic activity amongst all the jurisdictions in which they operate. This report must be shared with the tax administrations in these jurisdictions, for use in high-level transfer pricing and BEPS risk assessments. Part of the solution provided by Action 13 is to require countries to adopt legislation dealing with the filing of CbC reports in their jurisdiction.
Finance Act 2022 updates of CbC
The Kenyan Government has introduced a threshold for CbC reporting with the effect from 1 January 2023. The threshold introduced in the Finance Act is for companies with gross revenues of KES 95 billion (EUR 790 million approximately) or more, including extraordinary and investment income. From 1 January 2023, a parent entity or a constituent entity of a MNE group that is tax resident in Kenya, and that has a gross turnover of over KES 95 billion, will be required to file a CbC report of its financial and economic activities in Kenya, as well as all other jurisdictions in which the MNE has a taxable presence.
The report must contain all information of the group’s aggregate revenue, profit or losses before tax, income tax paid, income tax accrued, accumulated earnings, number of employees, tangible and intangible assets, cash and cash equivalents and any other information as requested by the Kenya Revenue Authority (KRA).
Information to be contained in the master and local bundle.
The Finance Act requires a master file that must contain the following:
- A detailed overview of the group and the group’s growth engines.
- A description of the supply chain of the key products and services.
- The group’s research and development policy.
- A description of each constituent entity’s contribution to value creation.
- Information about intangible assets and the group intercompany agreements associated with them.
- Information on any transfer of intangible assets within the group during the tax period, including the identity of the constituent entities involved, the countries in which those intangible assets are registered and the consideration paid as part of the transfer.
- Information about financing activities of the group.
- The consolidated financial statements of the group.
- Tax rulings made in respect of the group.
- Any other information requested by the KRA.
The local file must contain:
- Details and information of the resident constituent activities within the multinational enterprise group.
- The management structure of the resident constituent entity.
- Business strategies, including structuring, description of the material-controlled transaction, the resident. constituent entity’s business and competitive environment.
- International transactions concluded by the resident constituent entity.
- Amounts received by the entity.
- Any other information requested.
Exceptions to the CbC report filing requirement
The Finance Act provides certain exceptions to the filing requirements for a resident constituent entity of an MNE group. If a non-resident surrogate parent entity already files a CbC report for the group with the tax authorities of its tax jurisdiction, the jurisdiction in which the non-resident surrogate parent entity is resident requires a CbC report in terms of its domestic legislation, under the following conditions:
- The tax authorities of the jurisdiction where the non-resident surrogate parent entity have an exchange of information agreement with the KRA.
- The tax authority in the jurisdiction where the non-resident surrogate parent is resident has not notified the KRA of a systematic failure.
- The non-resident parent entity has notified the competent authority in the jurisdiction of its tax residence and that the entity is the designated surrogate parent entity of the group.
The reporting requirements brought by the Finance Act 2022 are consistent with the OECD’s BEPS Action Plan 13 guidelines and the three-tiered documentation approach, which is relevant to the reporting of related-party transactions and aligns with the four minimum standards under the OECD’s BEPS project.
It is important for parent entities of MNEs operating in Kenya to note the additional compliance burden which is imposed by this new legislative update. Multinationals that would be affected by the new legislative update should review their current transfer pricing documentation and compliance processes to ensure that they are in line with the new reporting requirements under the Finance Act 2022, by 1 January 2023. Failure to comply with the CbC reporting requirements will be an offense in Kenya and subject to a fine not exceeding KES 1 million (EUR 8200 approximately), a prison term not exceeding three years, or both, upon conviction.
By: Francis Mayebe, Candidate Attorney, overseen by Virusha Subban, Partner and Head of the Tax Practice, Baker McKenzie Johannesburg
Companies Act: The Role Of A Shareholder And Director
1.1. PURCHASING SHARES IN A PRIVATE COMPANY AS PER SECTION 39(2) OF THE COMPANIES ACT
Section 39(2) of the Companies Act (herein referred to as the “Act”), provides that each shareholder of a private company has a right before any other person who is not a shareholder of that company, to be offered and to subscribe for a percentage of the shares to be issued with equal voting power of that shareholder’s general voting rights immediately before the offer is made, where the company is then compelled to make an offer to all of its voting shareholders pro rata to their respective percentages of the total number of voting rights, before it may issue any shares to a third party.
1.1.1. WHO IS BOUND BY THE SHAREHOLDER AGREEMENT
The binding force of the Shareholders Agreement stems from the law of contract, whereas section 15(6) of the Act, governs the status of a Company’s MOI and all MOIs need to be filed and registered with CIPC. The disadvantage of a Shareholders Agreement is that it binds only those shareholders who are party to it. It does not bind any other shareholders, unless they consent to be bound.
1.1.2. WHAT IS A SUBSCRIPTION AGREEMENT
A subscription agreement is a formal agreement between a company and an investor to buy shares of a company at an agreed-upon price. The subscription agreement contains all the required details. It is used to keep track of outstanding shares and share ownership (who owns what and how much) and mitigate any potential legal disputes in the future regarding share payout subscription agreement will include the details about the transaction, the number of shares being sold and the price per share, and any legally binding confidentiality agreements and clauses.
1.1.3. SUBSCRIPTION OF SHARES AGREEMENT
In the event that the Company proposes to issue any shares, other than shares issued in terms of options or conversion rights in terms of section 39(1)(b), or capitalisation shares in terms of section 47 or if the consideration for any shares that are issued or to be issued is in the form of an instrument such that the value of the consideration cannot be realised by the Company until a date after the time the shares are to be issued, or is in the form of an agreement for future services, future benefits or future payment by the subscribing party.
1.2. WHAT IS THE ROLE OF A DIRECTOR OF A PRIVATE COMPANY AS PER SECTION 76 OF THE COMPANIES ACT
By accepting their appointment to the position, directors and prescribed officers agree that they will perform their duties to a certain standard, and it is a reasonable assumption of the shareholders that every individual director and prescribed officer will apply their particular skills, experience and intelligence to the advantage of the company.
The Act codifies the standard of directors’ conduct in section 76. The standard sets the bar for directors very high. The intention of the legislature seems to be to encourage directors to act honestly and to bear responsibility for their actions – directors should be accountable to shareholders and other stakeholders for their decisions and their actions. However, with the standard set so high, the unintended consequence may be that directors would not be prepared to take difficult decisions or expose the company to risk.
Since calculated risk taking and risk exposure form an integral part of any business, the Companies Act includes a number of provisions to ensure that directors are allowed to act without constant fear of personal exposure to liability claims. In this regard, the Companies Act has codified the business judgement rule, and provides for the indemnification of directors under certain circumstances, as well as the possibility to insure the company and its directors against liability claims in certain circumstances.
The Act makes no distinction between executive, non-executive or independent non-executive directors. The standard, and consequent liability where the standard is not met, applies equally to all directors.
In terms of this standard, a director (or other person to whom section 76 applies), must exercise his or her powers and perform his or her functions. these are the following;
- In good faith and for a proper purpose.
- In the best interest of the company, and
- With the degree of care, skill and diligence that may reasonably be expected.
1.3. BREACH OF FIDUCIARY DUTY
The Companies Act prohibits a director from using the position of director, or any information obtained while acting in the capacity of a director, to gain an advantage for himself or herself, or for any other person (other than the company or a wholly-owned subsidiary of the company), or to knowingly cause harm to the company or a subsidiary of the company.
Directors have a fiduciary duty to act in the best interest of the company as a whole. Directors owe this duty to the company as a legal entity, and not to any individual, or group of shareholders – not even if the majority shareholder appointed the director.
Directors are obliged to act in good faith in the best interest of the company. They should act within the bounds of their powers, and always use these powers for the benefit of the company. Where a director transgresses his or her powers, the company might be bound by his or her action, but he or she can be held personally liable for any loss suffered as a result of the transgression.
In discharging any board or committee duty, a director is entitled to rely on one or more employees of the company, legal counsel, accountants or other professional persons, or a committee of the board of which the director is not a member. However, the director does not transfer the liability of the director imposed by this Act onto such employees. Directors of a company may be held jointly and severally liable for any loss, damage or costs sustained by the company as a result of a breach of the directors’ fiduciary duty or the duty to act with care, skill and diligence.
The Act sets out a range of actions for which directors may be held liable for any loss, damage or costs sustained by the company. These actions include the following; Acting in the name of the company without the necessary authority Being part of an act or omission while knowing that the intention was to defraud shareholders, employees or creditors Signing financial statements that were false or misleading in a material respect.
1.4. CIVIL CLAIM AGAINST THE DIRECTOR
Section 77(3)(b) of the Act, as read with section 22 of the Act, penalises and holds directors personally liable to the company for any loss incurred through knowingly carrying on the business of the company recklessly, with gross negligence, with intent to defraud any person or for any fraudulent purpose.
Shareholders play a critical role in terms of the South African Companies Act of 2008, with reference to the affairs of the company. Just any contract, shareholders agreement is the essential document that binds the relationship of shareholders who are a party to it. Notwithstanding the existence of Memorandum of Incorporation, (MOI) one of the roles of a shareholder is the appointment of directors. Therefore, the MOI provides “mechanism of power equilibrium” between the shareholders and directors of the company. In that the shareholders using their voting rights can authorize critical transactions and any dividends proposed by the directors.
As discussed above, subscription agreement is a contract that is between the company and investor for the purchase of shares at an agreed price. Such an agreement will have the terms and conditions agreed upon and can also be used to track any outstanding shares thus to mitigate possible legal disputes. Last but not least any director of the company ought to measure to the defined standard as per section 76 of the Companies Act, thus with reference to skills, experience and intelligence. In terms of the Act, directors ought to act with utmost honesty and should bear responsibility for their actions, as they are obligated to act in good faith and for the best interest of the company.
In conclusion, should there be any breach of the fiduciary duty by the director, section 77 (3) (b) of the Act read with section 22 of the Act penalizes and holds the directors personally liable to the company for any loss incurred through knowing conducting the affairs of the company recklessly with gross negligence. In such instances the veil of protection will be lifted so as to protect the company as a separate entity.
We acknowledge Dr Maribanyana Lebeko who is part of the advisory for Simanye Clinic for his assistance with respect to compilation, editing and proofreading of this article.
Baker McKenzie Report 2022: The rapid rate of competition law development across Africa
By Lerisha Naidu, Partner, Angelo Tzarevski, Associate Director, Sphesihle Nxumalo, Associate and Zareenah Rasool, Associate, Competition & Antitrust Practice, Baker McKenzie Johannesburg
Baker McKenzie’s latest Africa Competition Report 2022 provides a detailed analysis and overview of recent developments in competition law enforcement and competition policy in 32 African jurisdictions and regional bodies. The Report outlines how, over the past two years, African competition regulators have actively engaged in efforts to address pandemic-related challenges, but there has also been a general upward trend in competition policy enforcement across the continent.
This trend is highlighted by a number of significant recent developments in competition law regulation across the continent. Countries and regions with recent competition law developments include the Common Market for Eastern and Southern Africa (COMESA), Egypt, Ethiopia, Ghana, Kenya, Mauritius, Mozambique, Namibia, Nigeria and South Africa.
There were various developments with regards to COMESA in 2021. In February 2021, the COMESA Competition Commission issued a Practice Note in which it amended the interpretation of the term “operate””. Prior to this, a party “operated” in a COMESA Member State if it had turnover or assets in that Member State in excess of USD 5 million. This requirement has now been removed, effective from 11 February 2021, and a party will “operate” in a COMESA Member State merely if it is active in it (without a minimum turnover or asset threshold). The impact of this will be to make it easier for a transaction to fall within the scope of the COMESA merger control regime.
The COMESA Commission has also recently issued Draft Guidelines on Fines and Penalties, Draft Guidelines on Settlement Procedures and Draft Guidelines on Hearing Procedures.
In September 2021, the COMESA Commission issued its first penalty for failure to notify a transaction within the prescribed time periods, which penalty amounted to 0,05% of the parties’ combined turnover in the Common Market in the 2020 financial year. This was imposed in relation to the proposed acquisition by Helios Towers Limited of the shares of Madagascar Towers SA and Malawi Towers Limited.
In December 2021, the COMESA Commission imposed a fine for failure to comply with a commitment contained in a merger clearance decision.
The COMESA Commission also conducted eight investigations into restrictive business practices in 2021.
There were numerous recent developments in Egypt, including in November 2020, when the Competition Authority announced that the Egyptian Prime Ministry had approved the Prime Minister’s draft law amending certain provisions of the Egyptian Competition Law 3/2005. In February 2021, the Egyptian parliament’s Economic Affairs Committee started the discussions on the new amendments. The Competition Authority has also recently initiated market inquiries in relation to multiple sectors including healthcare, food, electronic and electrical appliances, automotive, real estate, media and petroleum sectors.
In April 2021, the Economic Court of Cairo issued a ruling in a criminal case brought in March 2020 by the Competition Authority, against five individual poultry brokers for colluding to fix the price of chicken to the detriment of consumers and chicken breeders. The court fined each broker 30 million Egyptian pounds (approx. USD 1.6 million) for agreeing to fix the price of a kilogram of chicken.
In July 2021, the Competition Authority initiated a criminal case against two companies who agreed to submit identical offers in one of the practices of the General Authority for Veterinary Services, in violation of Egyptian competition law.
The head of the Competition Authority announced plans for the creation of an Arab Competition Network to enhance cross-border cooperation between antitrust enforcers in the Middle East. The ACN would be the first to provide Arab competition authorities with an official platform to meet and discuss prominent issues and impending changes to antitrust law. The network would be run by the 22 members of the League of Arab States, which includes Egypt, Syria, Lebanon, Iraq, Jordan and Saudi Arabia, among others.
In Ethiopia, the Trade Competition and Consumer Protection Authority is working on regulations to provide guidance on the application of the Trade Competition and Consumer Protection Proclamation (No 813/2013). Proclamation No. 1263/2021, which is expected to be enacted and come into force in 2022, transfers the powers of the Trade Competition and Consumer Protection Authority to the Ministry of Trade and Regional Integration.
In Ghana, a draft Competition and Fair Trade Practices Bill is before parliament for consideration.
The Competition of Authority in Kenya finalised its study into the regulated and unregulated credit markets in the country and issued its report in May 2021. The Authority further developed the Retail Trade Code of Practice 2021, in consultation with stakeholders in the retail sector, to address the abuse of buyer power issues arising from the sector. Also in 2021, the Competition Authority conducted a dawn raid in the steel industry and issued draft joint venture guidelines, to clarify the rules and filing requirements of joint venture arrangements.
The Competition Commission in Mauritius concluded a market study in the pharmaceutical sector on 8 June 2021.
There were numerous developments in competition law in Mozambique in 2021, including that the Competition Regulatory Authority became operational in January 2021. Regulations on Merger Notifications Forms were enacted by means of Resolution No. 1/2021 of 22 April 2021. The Regulations prescribe the different forms to be completed for merger notifications, as well as the details of the information and documentation required. Regulations on Filing Fees were enacted by means of Ministerial Diploma No. 77/2021 of 16 August 2021. Filing fees are currently set at 0.11% of the turnover of the parties in the previous year, up to a maximum of MZN 2,250,000 (approx. USD 35,000). Amendments to the Competition Regulations were enacted by means of Decree No. 101/2021 of 31 December 2021.
A Competition Bill is in progress in Namibia, and the Competition Commission expects to submit the final version of the Competition Bill to the Ministry of Industrialisation and Trade by the end of June 2022.
On 2 August 2021, Nigeria adopted the Merger Review (Amended) Regulations 2021, which set out new fees applicable for merger filings. The Federal Competition and Consumer Protection Commission launched and publicised an investigation into the alleged anticompetitive conduct of five companies in the shipping and freight forwarding industry in October 2021.
There were various developments in South Africa in 2021, including in May 2021, when the Competition Commission launched the Online Intermediation Platforms Market Inquiry, focusing on four broad online intermediation platforms and market dynamics that specifically affect business users – eCommerce marketplaces, online classified marketplaces, software app stores and intermediated services (such as accommodation, travel, transport and food delivery). The Inquiry is ongoing with a provisional report scheduled for release on 10 June 2022, and the final report scheduled for release in November 2022.
In April 2021, the Commission released its market inquiry reports on Land Based Public Transport. Furthermore, in April 2021, the Commission published its final report on an impact assessment study it conducted in relation to COVID-19. The report sets out the findings of the Competition Commission regarding the impact of the COVID-19 block exemptions and the enforcement work done by the Competition Commission during the pandemic. The Competition Commission’s fifth Essential Food Pricing Monitoring Report, which is released quarterly, focused on tracking the impact of the COVID-19 pandemic and consequent economic crisis on food markets.
In May 2021, the Commission issued, for comment, draft guidelines on Small Merger Notifications, which contain specific guidance applicable to the assessment of digital mergers.
Notably, 2021 was the year when the Commission prohibited a merger solely on public interest grounds, making it the first transaction to be prohibited on non-competitive grounds. Ultimately, however, the merger was conditionally approved before the Competition Tribunal.
In November 2021, the Commission released its Economic Concentration Report, which highlighted patterns of concentration and participation in the South African economy. The report includes details on the Commission’s power to launch market inquiries into highly concentrated industries, as well as its increased authority to impose structural remedies on businesses in these sectors.
In March 2022, the Commission issued Guidelines on Collaboration between Competitors on Localisation Initiatives, which are aimed at providing guidance to industry and government on how industry players may collaborate in identifying opportunities for localisation and implementing commitments related to localisation initiatives in a manner that does not raise competition concerns.
In March 2022, the Commission launched a market inquiry into the South African fresh produce market, which will examine whether there are any features in the fresh produce value chain, which lessen, prevent or distort the competitiveness of the market.
The Commission concluded various settlement agreements with market players (e.g., grocery retailers and laboratories) to reduce the prices of goods and services.