Yes. If a company that is based in South Africa processes the data of EU/UK citizens and residents, it would be expected to comply with both the local legislation (POPI) as well as the GDPR. It is therefore very important that companies are aware of what both sets of legislation require from them.