PoPIA: Time Is up

Issue 3 2021 Security Services & Risk Management, IT infrastructure

The countdown is on. The Protection of Personal Information Act (PoPIA) comes into full effect on 1 July 2021. With the deadline looming, there is a lot of confusion and ambiguity regarding its definitions, requirements and enforcement thereof.


Wale Arewa.

Failure to comply will result in steep fines for violators. Businesses have had ample time to prepare, but many are now scrambling to become compliant. They have realised that the impact is enormous, significant and unresolved personal data protection issues could result in financial penalties.

PoPIA regulates the usage and collection of personal data. Companies are required to handle all data carefully and provide customers with tools to update or delete personal information. They also need to alert consumers immediately if there is any form of breach.

PoPIA affects everyone, from financial institutions, data management companies, media companies, marketers and consumers. This means everyone should be aware of the Act and consequences for breaking the rules.

Penalties

Many businesses are unaware of the risks, but unfortunately ignorance of the law is no excuse. They will be liable should any breach occur. The penalties are severe, non-compliance could incur fines of up to R 10 million or even imprisonment.

Information officer

Every company needs to appoint an information officer that will be responsible for compliance. This person needs to be registered with the information regulator as a primary contact in case of any breach investigation. More importantly, the information officer will be responsible and face the consequences for any breaches.

Data protection

IT disposal has legislative requirements, compliance to PoPIA, the National Environmental Waste Management Act 2008 (NEMWA 2008), the Consumer Protection Act 68 of 2008 (CPA) and General Data Protection Regulations (GDPR).

Compliance affects employee, supplier and third-party data, as well as the systems that process it and how it is retained and destroyed. It includes the way personal information is stored, handled, processed, protected and who has access to it. Companies need to disclose what information is being gathered and how it will be stored. This could include staff records, ID numbers, drivers' licences, medical history or financial information.

Data disposal

With companies constantly acquiring new technologies, there is a corresponding and often overlooked increase in retired IT assets. These outdated PCs, laptops, monitors and other IT equipment tend to quietly pile up in storerooms.

According to legislation, businesses are required to manage the complete destruction of all data when IT assets reach end-of-life. PoPIA requires IT asset managers to practice due diligence and ensure their storerooms go through the expected data erasure techniques essential to protect company data.

Compliance is fast becoming a competitive advantage. Customers don’t want to be put at risk, data breaches and issues related to regulatory compliance, associated costs and loss of reputation will have dire consequences for businesses that suffer data breaches.

Find out more at www.xperien.com




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Key timelines to ensure compliance
Security Services & Risk Management
Regulations to the Occupational Health and Safety Act that apply to major hazard installations require that certain actions be taken to manage health and safety risks – some with timelines for compliance that must be monitored.

Read more...
Best practice tips for strengthening data privacy system
Security Services & Risk Management Cyber Security
International cybercriminals are increasingly targeting South African organizations, making data privacy more difficult to maintain. A standardization expert offers insight to help combat this threat.

Read more...
Paratus signs re-seller agreement with Starlink for Africa
News IT infrastructure
Pan-African telco and network services provider Paratus Group announced it has entered an agreement as a distributor for Starlink’s high-speed services across the African continent, available immediately in Mozambique, Kenya, Rwanda and Nigeria.

Read more...
Is AI the game-changer for streamlining anti-money laundering compliance?
Financial (Industry) Security Services & Risk Management
In the aftermath of South Africa's recent grey listing, companies are now confronted with the imperative to address eight identified strategic deficiencies, while simultaneously reducing their financial crime risk through anti-money laundering compliance processes.

Read more...
Five ways to reduce your cyber insurance premiums
Security Services & Risk Management News
With the global costs of cybercrime expected to soar to $13 trillion within the next five years, cyber insurance is booming as organisations try to mitigate the risk of financial losses.

Read more...
Client satisfaction boosted by 85% at Thungela Mine
Thorburn Security Solutions News Security Services & Risk Management Mining (Industry)
Thorburn Security, a division of Tsebo Solutions Group, has announced its recent collaboration with Kwa-Zulu Natal security company, Ithuba Protection Services, as part of its Enterprise Supplier Development (ESD) initiatives across Africa.

Read more...
The state of edge security report
News IT infrastructure
Edge computing has grown from being a niche use case in a handful of industries to offering a major opportunity for enterprises across industries to spread computing power around the world.

Read more...
Migrating to the cloud? Beware the many hurdles
IT infrastructure Security Services & Risk Management
While there are undoubtedly many benefits, there are also numerous hurdles to cloud adoption. Some of the biggest challenges revolve around managing cloud spend, understanding the cost components of cloud infrastructure, and how those costs can scale.

Read more...
Key strategies for businesses in the face of cyber threats
Cyber Security Security Services & Risk Management
Businesses face severe financial and reputational consequences due to data breaches and daily website hacks, and not all organisations are adequately prepared to combat these escalating threats.

Read more...
Manage security systems remotely
Hikvision South Africa CCTV, Surveillance & Remote Monitoring IT infrastructure Products
Hikvision launched a new generation of smart managed switches that, in conjunction with the Hik-Partner Pro mobile app, enable installers to remotely deploy and configure security systems with comprehensive operation and maintenance capabilities.

Read more...