Preparing your data for PoPI

1 October 2019 IT infrastructure, Security Services & Risk Management

Now is the time for companies to ensure their data is compliant with the Protection of Personal Information (PoPI) Act. Although South African businesses have been slow on the uptake when preparing for PoPI, intelligent data management can greatly simplify this mammoth task. Wavering is no longer an option and, despite the lengthy process to publish the final regulations, the next step is to establish a deadline. Thereafter, organisations will have a grace period of only one year to comply and avoid heavy fines of up to 10 million rand and other dire consequences such as imprisonment (https://www.popiact-compliance.co.za/popia-information/16-offences-penalties-and-administrative-fines).

The first step - data encryption

When it comes to protecting any information, the way data is secured across the value chain needs to be addressed first and foremost. Encryption is the gold standard for ensuring adequate protection, and while many businesses currently encrypt their data at the storage layer, this is simply no longer enough. A data breach may occur at any point, including internally and while data is in transit. Organisations will be in breach of PoPI if they cannot prove this data is protected.

The General Data Protection Regulation (GDPR) is the European equivalent of PoPI and must be adhered to by all South African companies that do business with companies based in the European Union (EU). However, GDPR enforces standards similar to, if not stricter than, those of PoPI. For example, GDPR states that if data is encrypted, in the event of a breach and data theft, compliance is still maintained, and this is not necessarily mentioned in the PoPI Act. Moreover, data must also be encrypted at rest and in transit. As a result, data needs to be encrypted end-to-end, from the storage layer right through the database to the application layer, to ensure GDPR compliance, and this will, in turn, guarantee PoPI compliance.

The implications of encryption on storage costs

The challenge of end-to-end encryption with data residing on certain storage media is that it can result in storage costs spiralling out of control. This is due to the fact that many of these solutions rely on data reduction such as deduplication and compression to keep storage costs down. However, these techniques cannot be used on encrypted data.

Encrypted data can result in data storage becoming between three and five times more expensive, which can have a significant impact on any business's total cost of ownership (TCO). In addition, it can negatively affect storage performance, with a knock-on effect on the performance of the business as a whole. It is essential to implement an intelligent storage solution that will prevent this increase in cost and decrease in performance as the amount of encrypted data grows.
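The effect described in this section can be measured directly. The following is an added example, not part of the original article: it runs chunk-level deduplication and zlib compression over a constructed volume, first as plaintext and then after each chunk has been encrypted above the storage layer. The cipher is a labelled stand-in built from SHA-256, and the chunk size, sample records, key and function names are assumptions.

```python
import hashlib
import zlib

CHUNK = 4096  # assumed dedup/compression block size

def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 keystream XOR). Illustration only;
    a real deployment would use an authenticated cipher such as AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def build_volume() -> list[bytes]:
    """Constructed sample: 8 distinct 4 KiB chunks of record-like text,
    each stored 4 times (32 chunks in total)."""
    distinct = []
    for n in range(8):
        line = f"id={n:08d};name=customer{n};country=ZA;status=active\n".encode()
        distinct.append((line * (CHUNK // len(line) + 1))[:CHUNK])
    return distinct * 4

def reduction_ratio(chunks: list[bytes]) -> float:
    """Logical bytes divided by physical bytes after dedup, then zlib."""
    unique = {hashlib.sha256(c).digest(): c for c in chunks}
    physical = sum(len(zlib.compress(c)) for c in unique.values())
    return sum(len(c) for c in chunks) / physical

def encrypt_volume(chunks: list[bytes], key: bytes = b"constructed-demo-key") -> list[bytes]:
    """Encrypt each chunk before it reaches storage, with a unique nonce
    per write, so identical plaintext chunks yield different ciphertext."""
    return [toy_encrypt(key, i.to_bytes(12, "big"), c) for i, c in enumerate(chunks)]

if __name__ == "__main__":
    plain = build_volume()
    print(f"plaintext reduction:  {reduction_ratio(plain):.1f}:1")
    print(f"ciphertext reduction: {reduction_ratio(encrypt_volume(plain)):.2f}:1")
```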

An intelligent solution, an intelligent choice

Storage must address three key areas, namely capacity, cost and performance. The typical way of addressing performance challenges is to utilise all-flash arrays (AFAs). However, this is very expensive and therefore achieving high capacity is costly, especially when end-to-end encryption is required, since data reduction does not work here.

Conversely, intelligent software-based solutions can address all three of these areas, using commodity hardware to control cost and increase capacity while delivering high performance. This enables end-to-end encryption to be cost effectively implemented for optimum data protection and compliance. So, is an intelligent software storage solution the answer to PoPI compliance?


Hayden Sadler

The long and short of it

If data is encrypted end-to-end, PoPI (and the GDPR) compliance is maintained, even in the event of a data breach. This means you will not be fined, your reputation will remain intact, and any negative impact resulting from a breach can be mitigated and contained. A proper encryption strategy and an intelligent software-based solution eliminate the risk of sensitive data being compromised as well as the risk of a PoPI-related penalty. If you are not prepared for PoPI, the time to start is now, or face the repercussions of non-compliance that could cripple your business.

For more information, contact INFINIDAT, Sapna Capoor, scapoor@infinidat.com



