Data Protection Explained

Why Is Data Protection Such A Big Deal?

If your business is digitising, like others that are futureproofing, then you are processing a great deal of data. Data that relates to transactions, which equals sales. More processing, more profits!

Beware, it also means more risk. The trouble is that this data contains private and personal identifying information, which is protected by law in almost every country in the world.

To Safeguard the Identities of Individuals

Identity thieves thrive in a world where you can find just about anything online.

With just the teeniest shred of information (an ID, national insurance or social security number; a tax number; a password—yikes) hackers and thieves can build a thorough profile on an individual.

Then, cybercriminals can impersonate their target, running up big bills and wreaking havoc in their victim’s name.

Identity theft (or fraud) can cause irreparable financial harm, so governments worldwide have resolved to protect their citizens through data protection legislation.

To Prevent Ransom Attacks On Companies

All data privacy laws protect individuals by imposing strict regulations on the persons or entities that process personal information, aka sensitive data.

As you can imagine, if sneaky cybercriminals infiltrate a database, they have access to hundreds (if not thousands) of individuals’ personal information. Besides the ample theft opportunities this presents, it also makes for an excellent piece of blackmail to extort ransom.

Imagine the panic when your stakeholders learn that private information has been breached!

Not to mention the almost unquantifiable reputational damage.

Finally, there’s also the potential prosecution that comes with being found guilty of non-compliance or mishandling personal data.

To Protect Individuals from Businesses

How often have you been annoyed by the intrusion of an unsolicited email—or worse, a telemarketing call?

Yes, as much as we sell and promote like crazy, our prospects have the right to choose to be contacted.

Data protection laws enforce opt-in communication rules. They also make responsible parties (the entities collecting personal data) inform individuals of how their data will be processed:

  • What information is needed.
  • Why it is needed.
  • How it will be stored.
  • Whether it will be distributed to third parties, and why.
  • The procedures to inform you of and remedy a data breach.

Privacy Laws Rule the World

You’d be hard-pressed to find a country that doesn’t have some form of information protection legislation.

These laws are necessary, and they are fierce. Penalties for non-compliance include hefty fines and possible imprisonment.

The good news is that with proper IT Governance in place, they are not too hard to follow.

From a high-level perspective, you will need:

  • To understand your data processing obligations under the [data-related] laws that govern your business.
  • To put policies in place that ensure your processes and employees comply with the applicable laws.
  • Solid cybersecurity measures.
  • Protocols to contain and remedy a breach as fast as possible and duly inform affected parties.

Protection of Personal Information Act (POPIA) Commences on 1 July 2020

After seven years of serving as a massive heads-up to companies nationwide, the POPI Act will officially commence on 1 July 2020.

All businesses that process personal information in South Africa or of SA citizens will have 12 months to comply.

Compliance obligations include:

  • Appointing an information officer
  • Creating a POPI Act Compliance Policy
  • Employee awareness and education
  • Amending contracts with third parties that receive or will receive sensitive data
  • Breach notification protocols
  • Clarification on the lawful transfer of information across borders
  • Adherence to only sharing permissible information.

If it all feels a tad overwhelming, or you’d like to guarantee your organisation's POPIA compliance, speak to us.

Our Managed IT Services include IT governance and compliance.

Need IT Governance and Compliance Guidance? Your first consultation is free.
