The Reasons Behind POPI and How it Relates to Cybersecurity
The POPI Act was drafted and ratified by Parliament in response to perceived global cybersecurity threats and South Africa’s previously inadequate cybercrime laws and regulations. Parliament assented to the POPI Act in November 2013, with final sections of the Act coming into effect on 1 July 2020, allowing businesses up to a year to become compliant.
Following the example of the European Union’s General Data Protection Regulation (GDPR), the goal of the POPI Act is to prevent data security breaches within South African organisations and to protect consumers against data theft. This places the onus on businesses to ensure they process and store customer data securely, in accordance with the conditions and regulations for doing so as set out by the Act. Non-compliance carries severe fines and, potentially, even jail time for business owners and directors.
The problem is that many businesses have been operating with inadequate cybersecurity for years, with a 2019 survey showing that only 34% of businesses were prepared to meet the POPI requirements.
How to Ensure Compliance and Improve Your IT Security
Many business owners and directors envision cybersecurity threats as an army of hackers marching on their firewall, attempting to access their business’s IT system and data by force. The reality is, however, that most data security breaches occur by stealth, with a business’s biggest IT security risk unfortunately coming from within: its employees.
A whopping 92% of data breaches occur due to human error, and 66% of cyber criminals rank e-mail phishing as their attack method of choice, with unsuspecting employees unwittingly lowering the drawbridge for attackers.
Our comprehensive cybersecurity offering includes awareness training and monitoring services that will ensure your business is not only POPI compliant, but protected in general.
Our online security awareness training provides useful guides and implementation tools to equip you and all your key staff to identify the duties and responsibilities required to be POPI compliant, develop an understanding of best practices for processing personal information, and protect people’s right to privacy.
Contact us for more information about our step-by-step POPIA Toolkit and POPIA Gap Analysis Assessment.