There’s no ‘one size fits all’ solution to PoPIA compliance

Issue 6 2022 Security Services & Risk Management

Simeon Tassev.

The Protection of Personal Information Act (PoPIA) applies to all businesses in South Africa. However, while it is universally applicable, it is also open to interpretation, and the way in which it applies may differ depending on the nature of a business and the type of information it uses. There is no product or solution that you can buy off the shelf to deliver PoPIA compliance, and no ‘one size fits all’ template that can be applied, which makes it more important than ever to work with the right partners.

Are you ready?

Being PoPIA compliant is a complex exercise, and it is essential to start from the beginning with assessments of various environments, including PoPIA readiness and the cybersecurity landscape. Basically, you need to know where you are, otherwise you will have no idea how ready your business is for PoPIA compliance.

The foundation of this is an understanding of data, data flows and processes, and how these relate to PoPIA and other applicable data protection legislation. Then, businesses can focus their efforts on the data that relates to PoPIA and develop an appropriate framework and approach for elements like data protection, storage and management.

Mind the gaps

On the journey to PoPIA compliance, it is also essential to identify any potential issues in the landscape and data flows. A gap register is an essential element of this process as it will help to document these issues, outline any holes in the compliance strategy, and provide a base from which to work on improving compliance.

While PoPIA is open to interpretation in many areas, there are some very specific requirements that need to be in place, and if they are not, then this is a gap that must be addressed. For example, it is essential to have a way for people to unsubscribe from communications, and a process in place for people to request that their information be removed.

You cannot plead ignorance

While many areas of the Act are not well defined, PoPIA specifically states that ignorance is not considered a defence, but if you are not aware of a problem then you cannot fix it. Businesses need to perform appropriate assessments to form a benchmark of their compliance status, and then work toward addressing any problems, issues or gaps in their processes and practices.

This is an ongoing process as businesses, systems, processes and data are continually evolving, and a cybersecurity and compliance strategy should do the same. After the initial readiness assessments are performed, an annual assessment should be put into place to ensure that security and compliance status are maintained in line with both the generic requirements of PoPIA and areas specific to your business.

Compliance and security go hand in hand, and both need to be up to the right standard to ensure that they are aligned with the legal requirements and risk appetite of the business. However, what compliance looks like differs from business to business and you cannot simply buy a solution to fix the problem. Finding the right partner on this journey is essential to assessing compliance readiness, identifying and closing gaps, and continuing on the journey of compliance for the long term.

For more information contact Galix, 0861 242 549, [email protected],

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Rack-mounted, three-phase online UPS
Security Services & Risk Management IT infrastructure Products
The new Eaton 93PX 15-20 kVA UPS combines high efficiency with a compact footprint, lower TCO, and improved cybersecurity to provide stable power for critical IT, industrial, manufacturing, and medical applications.

South Africa’s solar boom against load shedding
Security Services & Risk Management
South Africa has installed more rooftop and onsite solar contracted to private consumers in the last year and a half than under government programmes in the last ten years.

Five reasons why your board should push cybersecurity ‘boundaries’
Security Services & Risk Management IT infrastructure
From a technological perspective, micro-segmentation of your IT security environment can be viewed as a way to identify, isolate and curtail the reach of any threat – even once it is in your network.

Key timelines to ensure compliance
Security Services & Risk Management
Regulations to the Occupational Health and Safety Act that apply to major hazard installations require that certain actions be taken to manage health and safety risks – some with timelines for compliance that must be monitored.

Best practice tips for strengthening data privacy system
Security Services & Risk Management Cyber Security
International cybercriminals are increasingly targeting South African organizations, making data privacy more difficult to maintain. A standardization expert offers insight to help combat this threat.

Is AI the game-changer for streamlining anti-money laundering compliance?
Financial (Industry) Security Services & Risk Management
In the aftermath of South Africa's recent grey listing, companies are now confronted with the imperative to address eight identified strategic deficiencies, while simultaneously reducing their financial crime risk through anti-money laundering compliance processes.

Five ways to reduce your cyber insurance premiums
Security Services & Risk Management News
With the global costs of cybercrime expected to soar to $13 trillion within the next five years, cyber insurance is booming as organisations try to mitigate the risk of financial losses.

Client satisfaction boosted by 85% at Thungela Mine
Thorburn Security Solutions News Security Services & Risk Management Mining (Industry)
Thorburn Security, a division of Tsebo Solutions Group, has announced its recent collaboration with Kwa-Zulu Natal security company, Ithuba Protection Services, as part of its Enterprise Supplier Development (ESD) initiatives across Africa.

Migrating to the cloud? Beware the many hurdles
IT infrastructure Security Services & Risk Management
While there are undoubtedly many benefits, there are also numerous hurdles to cloud adoption. Some of the biggest challenges revolve around managing cloud spend, understanding the cost components of cloud infrastructure, and how those costs can scale.

Key strategies for businesses in the face of cyber threats
Cyber Security Security Services & Risk Management
Businesses face severe financial and reputational consequences due to data breaches and daily website hacks, and not all organisations are adequately prepared to combat these escalating threats.