The Protection of Personal Information Act (the POPI Act or POPIA) is due to come into effect on 21 July 2021 and will have a profound impact on every organisation that deals with consumers’ personal data. Failure to comply with the regulations of POPIA could have significant implications for organisations, from both a legal and a brand reputation perspective. Around the world, a number of data breaches in recent years have had severe consequences.
The recent Business Day Focus 4.0 LIVE webinar, in partnership with Oracle, explored how business leaders can ensure compliance with data regulations while staying on course to achieve their business goals by building better data security into their digital transformation strategies, and how to comply with data regulations by keeping sensitive data in the cloud and on-premises.
Oracle’s Dragan Petkovic explained the changed data protection landscape, pointing out that a decade ago stolen credit cards were the big issue. Fast forward to 2020 and data privacy regulations are now the big focus. In the European Union the General Data Protection Regulation (GDPR) came into effect in 2018. A number of large corporates, including Google and British Airways, have been fined amounts up to €50 million for not adhering to GDPR regulations.
“GDPR has global reach,” pointed out Petkovic, adding that data breaches come in different guises including confidentiality breaches, data integrity breaches and availability breaches. Petkovic is the director in charge of Business Development for Security and Manageability for EMEA Security & Systems Management, based in Dubai in the United Arab Emirates. He has been involved in investigating a number of high-profile data breaches in recent years.
Given the new reality of increased numbers of employees working from home, the challenge is for organisations to ensure that they have the necessary security frameworks in place to protect against data breaches.
The Information Regulator South Africa’s Ntsumbedzeni Nemasisi, the executive responsible for the Promotion of Access to Information Act (PAIA), explained that POPIA requires that data collected within a particular country remains within its borders and can only be transferred to a third party in a different country in certain circumstances.
Sizwe Snail ka Mtuze, a member of the Information Regulator (South Africa), said POPIA prescribes both technical and organisational measures for the protection of personal information. His advice to organisations was to ensure that their employees were educated on the new data protection requirements and that companies conducted introspective risk assessments to establish whether or not they are POPIA compliant.
Sandhya Ramdhany, the legal director for SA and the SADC region at Oracle, said organisations need to have a unified and collaborative approach to data security. Businesses which work in competitive silos, she said, are particularly vulnerable. Going forward, risk management is crucial. However, ultimately, the buck stops with the board, which needs to give data security the attention it needs and deserves.
Simon Nare, senior manager for Technology Security at MTN SA, said businesses can no longer take security issues for granted. The reality is that people connect to business networks from anywhere and, as such, organisations need to have the necessary frameworks in place to protect their data.