There’s no ‘one size fits all’ solution to PoPIA compliance

Issue 6 2022 Security Services & Risk Management

Simeon Tassev.

The Protection of Personal Information Act (PoPIA) applies to all businesses in South Africa. However, while it is universally applicable, it is also open to interpretation, and the way in which it applies may differ depending on the nature of a business and the type of information it uses. There is no product or solution that you can buy off the shelf to deliver PoPIA compliance, and no ‘one size fits all’ template that can be applied, which makes it more important than ever to work with the right partners.

Are you ready?

Being PoPIA compliant is a complex exercise, and it is essential to start from the beginning with assessments of various environments, including PoPIA readiness and the cybersecurity landscape. Basically, you need to know where you are, otherwise you will have no idea how ready your business is for PoPIA compliance.

The foundation of this is an understanding of data, data flows and processes, and how these relate to PoPIA and other applicable data protection legislation. Then, businesses can focus their efforts on the data that relates to PoPIA and develop an appropriate framework and approach for elements like data protection, storage and management.

Mind the gaps

On the journey to PoPIA compliance, it is also essential to identify any potential issues in the landscape and data flows. A gap register is an essential element of this process as it will help to document these issues, outline any holes in the compliance strategy, and provide a base from which to work on improving compliance.

While PoPIA is open to interpretation in many areas, there are some very specific requirements that need to be in place, and if they are not, then this is a gap that must be addressed. For example, it is essential to have a way for people to unsubscribe from communications, and a process in place for people to request that their information be removed.

You cannot plead ignorance

While many areas of the Act are not well defined, PoPIA specifically states that ignorance is not considered a defence, but if you are not aware of a problem then you cannot fix it. Businesses need to perform appropriate assessments to form a benchmark of their compliance status, and then work toward addressing any problems, issues or gaps in their processes and practices.

This is an ongoing process as businesses, systems, processes and data are continually evolving, and a cybersecurity and compliance strategy should do the same. After the initial readiness assessments are performed, an annual assessment should be put into place to ensure that security and compliance status are maintained in line with both the generic requirements of PoPIA and areas specific to your business.

Compliance and security go hand in hand, and both need to be up to the right standard to ensure that they are aligned with the legal requirements and risk appetite of the business. However, what compliance looks like differs from business to business and you cannot simply buy a solution to fix the problem. Finding the right partner on this journey is essential to assessing compliance readiness, identifying and closing gaps, and continuing on the journey of compliance for the long term.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Integrate digital solutions to reduce carbon footprint
Facilities & Building Management Security Services & Risk Management
As increasing emphasis is placed on the global drive towards net zero carbon emissions, virtually every industry is being challenged to lower its carbon footprint and adopt sustainable practices.

Visualise and mitigate cyber risks
Security Services & Risk Management
SecurityHQ announced its risk and incident management capabilities for the SHQ response platform. The SHQ Response Platform acts as the emergency room, and the risk centre provides the wellness hub for all cyber security monitoring and actions.

Eighty percent of fraud fighters expect to deploy GenAI by 2025
Security Services & Risk Management
A global survey of anti-fraud pros by the ACFE and SAS reveals incredible GenAI enthusiasm, according to the latest anti-fraud tech study by the Association of Certified Fraud Examiners (ACFE) and SAS, but past benchmarking studies suggest a more challenging reality.

Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Proactive strategies against payment fraud
Financial (Industry) Security Services & Risk Management
Amid a spate of high-profile payment fraud cases in South Africa, the need for robust fraud payment prevention measures has never been more apparent, says Ryan Mer, CEO of eftsure Africa.