Understanding the data protection requirements and how to comply for POPI or GDPR

July 2019 Cyber Security, Security Services & Risk Management

For many companies that must comply with these legislations, the best way to prepare is to implement a solid data protection strategy that guards against loss of data whether through malicious or accidental methods.

Creating a data protection strategy can be a daunting process, especially if it hasn’t previously been a focus area for an organisation. A solid data protection strategy isn’t built in a day. While many of the data breaches today are due to hackers or malware, a considerable percentage of data breaches are caused by unintended disclosure. Protection against such threats is a great place to begin and Sophos recommends three steps to achieve it.

Stop hacking and malware

Malicious attacks that employ data-stealing malware are a major cause of data breaches.

- Firewalls stop threats at the door before they can penetrate your network, and stop them from spreading inside the network.

- Next-generation endpoint protection keeps your endpoint devices safe from data-stealing attacks with anti-malware, anti-exploit and anti-ransomware protection.

- Server protection secures your servers against advanced malware threats including ransomware, keeping your organisation's most sensitive data protected.

Secure devices even if lost or stolen

Losing a device, or having one stolen, is no defence under the GDPR or POPI. Sophos Encryption is the easiest way to keep your data secure even if the device is lost or stolen. Sophos Mobile utilises secure containers to keep sensitive data isolated and secure. In the event a device is lost or stolen, it can be remotely locked and wiped.

Reduce impact of human error

Most of us have sent an email to the wrong person or been tempted by a realistic phishing email. But when sensitive data is involved, an innocent mistake can become a costly fine. Organisations have to build, through training, a culture in which users can spot and report phishing emails, with that training covering a wide range of industries and languages.

Because none of us lives in a world of unlimited budget and static risk, we must have a best-practice framework for protecting data in order to succeed. The GDPR and POPI expect us to take the ‘state of the art’ into consideration when defining best practices, which leaves us to define what these best practices are and to make the appropriate investment trade-offs. Make sure to document why these decisions were sound and logical choices at the time, in case you are ever asked to defend them.

Six steps to take for GDPR/POPI readiness

1. Remember, always seek legal advice as part of any readiness plan for the GDPR/POPI.

2. Take ownership of your compliance readiness. These regulations are not a mystery or something to be feared. By becoming the expert, and explaining your common-sense risk and investment strategy, you can both drive buy-in and become empowered to act and lead.

3. Evaluate risk exposure. Understand the GDPR/POPI and use the common-sense approach to recognise your business’ exposure to the regulation and its potential fines.

4. Determine your investment level. Use simple maths to determine an appropriate investment level in GDPR/POPI readiness.

5. Get executive buy-in. If you do business in the EU or SA, your executives need to understand and support your approach.

6. Invest in ‘state-of-the-art’ best practices. Use the Data Security Scale as a framework to identify the next possible investment you should make to reduce your risk further.
