Think data protection first, POPIA compliance will come

Issue 9 2020 IT infrastructure

Information security and data privacy are at the core of the Protection of Personal Information Act (POPIA). Companies that prioritise the safeguarding of their proprietary and customer data will benefit from better business resilience in the face of increased cybercrime while simultaneously complying with the Act.


Charl Ueckermann.

“A robust and resilient business should be your primary goal. Rather than focusing only on compliance, use this as an opportunity to sharpen your organisation’s data protection capabilities. Once you understand how POPIA and other information security standards, such as ISO27001, can benefit your business, it's like hitting two birds with one stone: you take appropriate and reasonable steps to fine-tune how your business works with confidential information, and compliance follows naturally,” says Charl Ueckermann, CEO at AVeS Cyber Security.

The elements required to protect personal information are the very same elements needed for the protection of other valuable information in a business. CIOs and IT managers should address the confidentiality, integrity and availability of data, and cover both the cyber and physical security aspects of information protection. For instance, controls must be in place to stop employees from accessing or downloading information that they should not be privy to, as well as preventative measures and policies around sharing information in other ways, such as telephonically or by saving information onto a USB device and leaving it lying around.

Identify your data

The first step is to identify which information needs to be protected in the organisation: “Any information that you deem as critical to your business or mentioned in POPIA should be protected. This can include information about employees and customers, product information, research data, financial information and other intellectual property,” says Ueckermann.

Starting with a facilitated POPIA assessment is a productive and cost-effective way to help a business determine how compliant they are with POPIA, which sections of the Act are applicable based on the nature of their operations, and which information should be protected. Different companies in different industries will need to take different steps. Additionally, what applies to a big corporate may not apply to a small or medium-sized business.

“A guided assessment further provides valuable insights into where there are gaps and how to prioritise addressing them. An implementation roadmap often follows a good POPIA assessment to show where to focus information protection efforts to meet POPIA's requirements timeously,” says Ueckermann.

He concludes saying that a proactive approach to information security now will help companies to ensure that their houses are in order, and done cost-effectively, before the POPIA grace period ends in June 2021.

“If you are not already thinking about information security, there is no better time than now. Look beyond compliance and focus on protecting your business, your intellectual property and the stakeholders that are linked to it. As you take steps to take control of your information and organisational processes, you will also prepare for POPIA. The great value-add of having control of your information is that breaches are less likely to be missed and you will have the tools and systems in place to respond quickly to, and recover from, security incidents.”


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

TRENDnet introduces ONVIF conformant Smart Surveillance switches
Issue 7 2020, TRENDnet , IT infrastructure
Gigabit PoE+ Smart Surveillance switches support PoE self-healing and integrated camera management features, and are ONVIF Profile Q conformant.

Read more...
First Distribution to distribute Video Storage Solutions
Issue 8 2020 , News, CCTV, Surveillance & Remote Monitoring, IT infrastructure
First Distribution has signed an agreement to distribute the entire Video Storage Solutions (VSS) product line of video surveillance appliances.

Read more...
COVID-19 will foster much needed collaboration in the future of work
Issue 7 2020 , IT infrastructure
Business leaders are starting to discuss the lessons learnt from these challenging times and how they can be used to shape the future world of work.

Read more...
Fake cloud vs true cloud
Issue 7 2020 , IT infrastructure
Many organisations have invested in fake cloud solutions only to find out that the benefits they expected have not materialised.

Read more...
The other connectivity option
Issue 8 2020 , IT infrastructure
The most efficient and affordable connectivity options for remote areas is unquestionably VSAT technology.

Read more...
Finding customer insights from data
Issue 8 2020 , IT infrastructure
Data is often trapped in multiple siloes, in non-standardised formats and frequently inaccessible to those who need it, hampering operational efficiency and regulatory compliance.

Read more...
Unified data protection for cloud applications
Issue 8 2020 , IT infrastructure
Arcserve Southern Africa has announced the availability of Arcserve’s UDP for the SA market, aimed at the protection of Microsoft 365.

Read more...
Fibre the key to more effective community security
CCTV Handbook 2020 , IT infrastructure
Bringing reliable, affordable, high-speed fibre connectivity to a community signifies opportunities for upliftment, safety and security.

Read more...
A cloud in your data centre
CCTV Handbook 2020 , IT infrastructure
Fully managed and configurable racks of AWS-designed hardware let customers in South Africa run their workloads on-premises and seamlessly connect with the broad array of AWS services in the cloud.

Read more...
AI and self-healing
Issue 7 2020 , IT infrastructure
Storage infrastructure that has in-built capacity as well as the ability to self-heal and self-tune is critical.

Read more...