PCI DSS can be your PoPIA security blueprint

1 August 2020 Security Services & Risk Management

The Protection of Personal Information Act, 2013 (PoPIA), South Africa’s data privacy law, has come into effect and with 12 months to become compliant, those companies that aren’t acquiescent will definitely start feeling the pressure.

PoPIA is an important step in protecting data privacy as it stipulates that personal information must be protected and can only be collected or handled where there’s lawful justification for doing so. Put in laymen’s terms, PoPIA governs when and how organisations collect, use, store, delete and otherwise handle personal information.


Simeon Tassev.

For organisation, it poses quite a daunting task, and while there is still almost a year to become compliant, it will be no easy feat. The major challenge is that PoPIA requires the analysis of all personal information, therefore, where it came from and what organisations intend to do with it. It is a massive of amount of data that needs to be secured and analysed.

The good news is there is already a very mature standard in place that will provide organisations with tried and tested guidance on achieving PoPIA compliance and securing data. The Payment Card Industry Data Security Standard (PCI DSS), created by the Payment Card Industry Security Standards Council (PCI SSC) consists of 12 high-level requirements across six goals.

PCI DSS applies to all businesses that accept credit and debit cards and provides a myriad of standards and supporting materials such as specification frameworks, tools, measurements, and other resources. Ultimately, it presents the necessary framework for developing a complete sensitive data security process that encompasses prevention, detection, and appropriate reaction to security incidents.

Some of the requirements of PCI DSS can also be used to meet PoPIA compliance, such as goal number three: maintain a vulnerability management programme. Vulnerability management is the process of systematically and continuously finding weaknesses in an entity’s payment card infrastructure system. This includes security procedures, system design, implementation, or internal controls that could be exploited to violate system security policy.

PCI DSS offers extremely specific parameters and controls; in the case of PoPIA, the definition of ‘cardholder data’ will fall under personal information and security will be extended to include all this sensitive information.

The PCI DSS self-assessment questionnaires (SAQs) also offer important guidance as they provide organisations with relevant self-assessment on whether their customers’ data is safe and secure. The relevant SAQ can take you one step closer towards preventing data breaches and minimising liability.

The reality is a lot of the measures of PCI DSS pertain to protecting IT networks and systems such as firewalls, antivirus, security testing of system and security policies – these disciplines can be leveraged to move all personal information into a secure environment.

Lastly, the local industry already has a number of PCI DSS experts that have assisted South African companies to meet the requirements set by the standard. These organisations are proficient and will become invaluable partners in helping organisations navigate the move towards PoPIA compliance.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.