South Africa’s Protection of Personal Information Act (POPIA) was set to take effect from 1 April 2020, but this date has been delayed due to the Covid-19 outbreak. Our country’s closest reference for data protection legislation is Europe’s GDPR (General Data Protection Regulations). Both these legislative frameworks provide greater protection rights to individuals, requiring companies to be more accountable for their handling of people’s personal information by having data protection policies, data protection impact assessments and relevant documents on how data is processed.
While no new date has been set for POPIA to take effect, the good news is that POPIA and GDPR overlap in nearly all areas, which means that compliance with the GDPR should result in near perfect compliance with POPIA. While much progress has been made by organisations in compliance with GDPR, a study by Check Point Software Technologies Ltd., a leading provider specialising in cyber security worldwide, reflects that there still is much work to do, with an average of just under half (40%) of European companies not having sufficiently adapted to GDPR. As organisations are mainly concerned with technical regulations, Pankaj Bhula at Check Point outlines the three major barriers which could delay compliance, highlighting solutions to optimise security measures:
It stands to reason that to ensure the privacy of information, the imperative prerequisite is to have a good security system that protects data. It is often the basic security measures that are the most difficult to implement, with Check Point’s study having identified only just under half (45%) of the participants having implemented standard security measures. Covid-19’s lockdowns have highlighted the basic measures that must also be taken into account if critical business functions are to remain operational, including: updating operating systems, programs and applications on all computers and mobile devices; showing employees the importance of reporting possible security incidents or breaches; or avoiding reusing passwords in different services, as they can open the door to cyber-criminals. All these changes, however simple they may seem, help to constitute a first level of security within a corporate data protection strategy.
Data mobility and the advent of Covid-19 has fast-tracked mixed working and with it, the risks of security breaches. Even though the legislation obliges companies to encrypt all data they store, Check Point’s study identified that only just over half (53%) of the participants had adopted a technological solution to encrypt data. Whether physically (via USB or disk drive) or electronically (via software or cloud), security measures to prevent data leakage it is critical, be it as a result of human error or due to the loss or theft of devices with unprotected sensitive information.
Data Loss Prevention
With legislation requiring regular backups on a second medium (different from the one used for daily work), only half (49%) of the participants had implemented data loss prevention solutions. An optimal cybersecurity strategy must have a proactive approach based on the prevention of threats and risks. In navigating Covid-19 from a business perspective, the cloud has emerged as an optimal solution for hosting this data, since it also allows access from any computer and location.
“Complying with these legislative guidelines is still a major challenge for many organisations. This means that the security of corporate data may be compromised at any time because of a cyber-attack,” says Pankaj Bhula, Check Point’s spokesman. “Furthermore, remote working during Covid-19 has accelerated the risks derived from security breaches and data leaks originating from data mobility and the devices that store it, such as smartphones, laptops or even USBs, which barely have any security measures and leave corporate information exposed to any eventuality,” concludes Bhula.
The safety measures prescribed by POPIA and GDRP have never been more important than during this global pandemic and indeed in steadying businesses toward success moving forward. Regrettably, statistics indicate that several organisations are struggling to comply with the regulations. For this reason, Check Point has developed a new application called GDPRate to guide companies in following the essential points of an effective strategy for POPIA and GDPR compliance. This tool also checks the organisation’s preparation for the standards and safety requirements.