Understanding the data protection requirements and how to comply for POPI or GDPR

July 2019 Cyber Security, Security Services & Risk Management

For many companies that must comply with this legislation, the best way to prepare is to implement a solid data protection strategy that guards against data loss, whether malicious or accidental.

Creating a data protection strategy can be a daunting process, especially if it hasn’t previously been a focus area for an organisation. A solid data protection strategy isn’t built in a day. While many of the data breaches today are due to hackers or malware, a considerable percentage of data breaches are caused by unintended disclosure. Protection against such threats is a great place to begin and Sophos recommends three steps to achieve it.

Stop hacking and malware

Malicious attacks that employ data-stealing malware are a major cause of data breaches. Firewalls stop threats at the door before they can penetrate your network, and stop them from spreading inside the network.

- Next-generation endpoint protection keeps your endpoint devices safe from data-stealing attacks with anti-malware, anti-exploit and anti-ransomware protection.

- Server protection secures your servers against advanced malware threats including ransomware, keeping your organisation's most sensitive data protected.

Secure devices even if lost or stolen

A misplaced or stolen device is no defence when it comes to GDPR or POPI compliance. Sophos Encryption is the easiest way to keep your data secure even if it is lost or stolen. Sophos Mobile utilises secure containers to keep sensitive data isolated and secure. In the event a device is lost or stolen, it can be remotely locked and wiped.

Reduce impact of human error

Most of us have sent an email to the wrong person or been tempted by a realistic phishing email. But when sensitive data is involved an innocent mistake can become a costly fine. Organisations have to develop a culture through training where users can spot and report phishing emails across a wide range of industries and languages.

Because none of us lives in a world of unlimited budget and static risk, we must have a best-practice framework for protecting data in order to succeed. The GDPR or POPI expect us to take ‘state of the art’ into consideration when defining best practices, which leaves us to define what these best practices are and to make the appropriate investment trade-offs. Make sure to document why these decisions were sound and logical choices at the time, in case you are ever asked to defend them.

Six steps to take for GDPR/POPI readiness

1. Remember, always seek legal advice as part of any readiness plan for the GDPR/POPI.

2. Take ownership of your compliance readiness. These compliance requirements are not a mystery or something to be feared. Organisations need to take ownership of compliance readiness. By becoming the expert, and explaining your common-sense risk and investment strategy, you can both drive buy-in and become empowered to act and lead.

3. Evaluate risk exposure. Understand the GDPR/POPI and use the common-sense approach to recognise your business’ exposure to the regulation and its potential fines.

4. Determine your investment level. Use simple maths to determine an appropriate investment level in GDPR/POPI readiness.

5. Get executive buy-in. If you do business in the EU or SA, your executives need to understand and support your approach.

6. Invest in ‘state-of-the-art’ best practices. Use the Data Security Scale as a framework to identify the next possible investment you should make to reduce your risk further.
