POPI adds new dimension to personal data protection in SA

The law not only covers people, but 'data subjects' or any legal entities that then have the right to have their information protected, says Danie Marais, Product Management Director, Redstor.

Johannesburg, 14 Aug 2017
Read time 2min 50sec
Danie Marais, Founder and Director of Redstor
Danie Marais, Founder and Director of Redstor

Whether one has totally embraced South Africa's Protection of Personal Information (POPI) Act or not - or truly understands the legal responsibilities it enforces on businesses and organisations - there is no denying it has altered the scope of data protection, management and governance in South Africa.

POPI will become a reality and whilst South Africa's public and private sectors still await the announcement of the year grace period for market compliance, it will be of benefit to them to start preparing for the legislation sooner rather than later. It has been introduced to ensure businesses and organisations act responsibly when dealing with (including collecting, processing, storing and sharing) another party/individual or legal entity's personal information.

The legislation covers all relevant aspects of management, including consent for when and how information is shared, how much information and what type of information is collected and why, how this information will be used and who will have access to the information. And information in this context is basically any information related to a data subject that can be used directly or indirectly to identify that person, according to Redstor, an international data management and security specialist firm. Danie Marais, Product Management Director, Redstor, says it is important to realise the law not only covers people, but also 'data subjects' or any legal entities that then have the right to have their information protected.

Marais explains one could draw similarities between POPI and the European GDPR or General Data Protection Regulation.

GDPR was implemented by the European Parliament in April 2016, and will fully take effect after a two-year transition ending 25 May 2018.

GDPR replaces the previous Data Protection Directive (DPD), adopted in 1995, and will, in the UK, strengthen the Data Protection Act (DPA).

One of the initial differences between GDPR and DPD is that GDPR is a regulation, not a directive; as a regulation, no additional enabling legislation will have to be passed by governments of member states.

In compliance with GDPR, organisations must ensure measures have been taken to minimalise risk and the chance of data breach.

These processes and policies will also ensure organisations are accountable and can be governed; part of the ICO guidelines on GDPR reads, organisations must "implement appropriate technical and organisational measures that ensure and demonstrate compliance".

At the centre of both these sets of legislation is the principle of upholding data sovereignty, and the ability of businesses and organisations to manage and protect data more effectively and comply with regulations/guidelines.

"In much the same way GDPR has established a framework for how organisations need to take technical and organisational measures to protect data, POPI has been implemented to do precisely the same. From a South Africa market perspective, amid ongoing cyber threats, legislation that forces organisations and businesses to take responsibility for the way they handle data and this speaks to accountability, which is absolutely essential in today's market," Marais adds.


For nearly 20 years, Redstor has been the data management and security company of choice for businesses and organisations looking for a trusted advisor to manage and secure their data.

This experience, shaped by our community, creates our world-class software underpinning Redstor's Cloud Data Management and Security Platform. Redstor's platform addresses backup, DR and archiving and the journey towards security, access and insight, all managed and controlled from one place.

Redstor has a face behind its cloud... it prides itself on the fact that it is a company built, managed and optimised by people, for people and it gives its customers control over its most valuable asset... their data, wherever, whenever, forever.

Editorial contacts
Rubicomm Gloria Malan (+27) 82 340 2876 gloria@rubicomm.co.za
Have your say
Facebook icon
Youtube play icon