Picture: 123RF/ALEXANDER ATKISHKIN
Picture: 123RF/ALEXANDER ATKISHKIN

The Protection of Personal Information Act (the POPI Act or Popia) is due to come into effect on July 21 2021, which will have a profound impact on every organisation that deals with consumers’ personal data.

Failure to comply with Popia’s regulations could have significant implications for organisations both from a legal and brand reputation perspective. A number of data breaches around the world in recent years have had severe consequences.

The Business Day Focus 4.0 LIVE webinar, in partnership with Oracle, explored how business leaders can ensure compliance with data regulations while staying on course to achieve their business goals by building better data security into their digital transformation strategies, and by keeping sensitive data in the cloud and on-premises.

Oracle’s Dragan Petkovic explained the changed data protection landscape, pointing out that a decade ago stolen credit cards were the big issue. Fast forward to 2020 and data privacy regulations are now the big focus. In the EU, the General Data Protection Regulation (GDPR) came into effect in 2018. A number of large corporates, including Google and British Airways, have been fined up to €50m for not adhering to GDPR regulations.

Data breaches come in different guises, including confidentiality breaches, data integrity breaches and availability breaches, said Petkovic, director of business development for security and manageability for EMEA Security & Systems Management, in Dubai in the UAE. Petkovic has been involved in investigating a number of high-profile data breaches in recent years.

With more employees working from home, organisations need to to ensure they have the necessary security frameworks in place to protect against data breaches.

The Information Regulator SA’s Ntsumbedzeni Nemasisi, the executive responsible for Popia, said that the act requires data collected within a particular country to remain within its borders and only transferred to a third party in a different country in certain circumstances.

Sizwe Snail ka Mtuze, a member of the Information Regulator SA, said Popia prescribes both technical and organisational measures for the protection of personal information. He advised organisations to conduct introspective risk assessments to ensure they are Popia compliant and that their employees are educated on the new data protection requirements.

Sandhya Ramdhany, the legal director for SA and the SADC region at Oracle, said organisations need to have a unified and collaborative approach to data security. Businesses that work in competitive silos are particularly vulnerable. Risk management is crucial. However, the buck stops with the board, who need to give data security the attention it needs and deserves.

Simon Nare, senior manager for technology security at MTN SA, said businesses can no longer take security issues for granted. People connect to business networks from anywhere and organisations need to have the necessary frameworks in place to protect their data.

Watch the full webinar below:

Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.

Speech Bubbles

Please read our Comment Policy before commenting.