Subscribe
  • Home
  • /
  • Security
  • /
  • Think data protection first, POPIA compliance will come

Think data protection first, POPIA compliance will come


Johannesburg, 21 Oct 2020

Information security and data privacy are at the core of the Protection of Personal Information Act (POPIA). Companies that prioritise the safeguarding of their proprietary and customer data will benefit from better business resilience in the face of increased cyber crime while simultaneously complying with the Act.

“A robust and resilient business should be your primary goal. Rather than focusing only on compliance, use this as an opportunity to sharpen your organisation’s data protection capabilities. 

"Once you understand how POPIA and other information security standards, such as ISO27001, can benefit your business, it's like hitting two birds with one stone: you take appropriate and reasonable steps to fine-tune how your business works with confidential information, and compliance follows naturally,” says Charl Ueckermann, CEO of AVeS Cyber Security.

The elements required to protect personal information are the very same elements needed for the protection of other valuable information in a business. CIOs and IT managers should address the confidentiality, integrity and availability of data, and cover both the cyber and physical security aspects of information protection. For instance, controls must be in place to stop employees from accessing or downloading information that they should not be privy to, as well as preventative measures and policies around sharing information in other ways, such as telephonically or by saving information onto a USB device and leaving it lying around.

The first step is to identify which information needs to be protected in the organisation. “Any information that you deem as critical to your business or mentioned in POPIA should be protected. This can include information about employees and customers, product information, research data, financial information and other intellectual property,” says Ueckermann.

Starting with a facilitated POPIA assessment is a productive and cost-effective way to help a business determine how compliant they are with POPIA, which sections of the Act are applicable based on the nature of their operations, and which information should be protected. Different companies in different industries will need to take different steps. Additionally, what applies to a big corporate may not apply to a small or medium-sized business.

“A guided assessment further provides valuable insights into where there are gaps and how to prioritise addressing them. An implementation roadmap often follows a good POPIA assessment to show where to focus information protection efforts to meet POPIA's requirements timeously,” says Ueckermann.

Ueckermann concludes saying that a proactive approach to information security now will help companies to ensure that their houses are in order, and done cost-effectively, before the POPIA grace period ends in June 2021.

“If you are not already thinking about information security, there is no better time than now. Look beyond compliance and focus on protecting your business, your intellectual property and the stakeholders that are linked to it. As you take steps to take control of your information and organisational processes, you will also prepare for POPIA. The great value-add of having control of your information is that breaches are less likely to be missed and you will have the tools and systems in place to respond quickly to, and recover from, security incidents.”

Share

AVeS Cyber Security

AVeS Cyber Security is a specialist in industry-specific IT Governance & Architectural services, combining expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 22-years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the continually evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. In 2019 and 2020, the company won eight awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things. The awards include Kaspersky's Africa Partner of the Year 2019 and 2020, Kaspersky's Top META Learning Partner 2020, ESET's Regional SMB Sales Champion 2019 and 2020, ESET's Product Champion 2019, Symantec's SMB Partner of the Year 2019, and Sophos' Upcoming Partner of the Year 2020. AVeS Cyber Security also received four new partner statuses, namely, Microsoft Gold Datacentre Partner, DellEMC Gold Partner, Veeam Silver partner and Sophos Platinum partner.

Editorial contacts

Vickie Slabbert
Echo Square PR
(082) 411 7602
vickie@echosquare.co.za
Chani Slabbert
AVeS Cyber Security
(+27) 11 475 2407
chani@aves.co.za