
The full implementation of the Protection of Personal Information Act heralds a new era of control and privacy for South African citizens and organisations, and holds the promise of deepening trust between organisations and their customers — provided organisations remain fully compliant.

According to Cameron Beveridge, Regional Director Southern Africa at SAP, trust is the key to success in the digital economy.

"Privacy and trust are essential elements in building strong connections with customers and ensuring a positive customer experience (CX) in today's business environment."

"In fact, some studies have found that up to 90% of customers believe how their data is treated is indicative of the way they will be treated as a customer, and 91% won't purchase from a company if they don't trust how their data will be used."

Cyberattacks complicate compliance

Protecting customer privacy and data is complicated by a growing global cybercrime industry that has increasingly targeted the supply chains of major organisations and economic powers.

Recent ransomware attacks on key US infrastructure have garnered front-page attention. In one example, cybercriminals successfully shut down the Colonial Pipeline.

With data breaches, and the Protection of Personal Information Act now fully in effect, the stakes for protecting systems from data breaches have never been higher.

"Enterprise resource planning systems are nerve centres of modern intelligent enterprises, making them prime targets of cybercriminals," says Beveridge.

"Attackers know these systems run business-critical applications and house sensitive information, so any data breach could provide access to information they can later use in the service of cybercrime activities."

Taking 'all reasonable steps'

One of the key requirements of POPIA is that organisations have to ensure they take 'all reasonable steps' to secure the data of their customers, partners, suppliers and employees.

"The best run organisations have integrated end-to-end processes that cover the entire breadth of their operations," explains Beveridge.

"The productivity and efficiency gains resulting from this are undeniable. However, the wealth of data processed and stored by such systems creates an attractive target for cybercriminals."

The amount of transactional data in a typical ERP system, for example, represents a veritable gold mine to cybercriminals, as does the information it holds about vendors, suppliers and partners.

"The more cybercriminals know about the internal operations of a business, the easier they will find vulnerabilities to exploit. However, it's not only cybercriminals that pose security or compliance risks."

Research conducted by IBM and the Ponemon Institute found that the three main causes of data breaches in South African businesses were malicious or criminal attack (48%), human error (26%) and system glitches (26%).

"POPIA adds further pressure on organisations by both raising the bar for privacy management and by its extensive reach and applicability within modern enterprises," says Beveridge.

"Organisations risk underestimating the level of effort required to implement the necessary process and technology changes to be compliant."

POPIA tips for security and compliance

Beveridge believes the following tips can assist organisations as they strive for full POPIA compliance while also safeguarding their critical business IT infrastructure from malicious attack or negligence.

  • Maintain balance — effective data management can give organisations a competitive edge, but proper assessment needs to take place early on to ensure regulatory compliance.
  • Keep it simple — organisations should simplify their governance by establishing a governance model that is aligned with requirements and best practices, and start by evaluating their readiness for POPIA compliance.
  • Stay on top — by operationalising privacy management and incorporating ways to identify business processes that need to meet privacy compliance requirements, organisations can keep a close watch on any internal processes that should be changed to remain compliant as the business evolves.
  • Automate away — data mapping or data crawler solutions can reduce the time and effort needed to identify all repositories of personal information, as well as their owners within and outside the organisation.
  • Educate employees — every employee needs to understand their responsibility under POPIA, which requires regular and ongoing education and training. Organisations should prioritise a process of ongoing POPIA and cybersecurity training to ensure alignment throughout the business.
  • Integrate threat detection — an enterprise threat detection solution can provide insight into suspicious activities in an organisation's ERP and related business applications, allowing the organisation to identify breaches as they occur and react in real time to neutralise any dangers.
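The "Automate away" tip above refers to data mapping and data crawler tools that locate repositories holding personal information and attribute them to an owner. The following is an added illustration of the idea, written for this page and not SAP's or any vendor's code: a small crawler that scans a set of constructed, in-memory "repositories" for two common South African personal-information markers, a 13-digit ID number (validated by its date prefix and Luhn check digit, so that arbitrary 13-digit reference numbers are not counted) and an e-mail address, and produces a per-repository summary with the responsible owner. The repository names, owners and record contents are all constructed sample data.

```python
import re
from datetime import datetime

# Candidate patterns. A 13-digit run is only a *candidate* ID number;
# it is confirmed by the structural checks in is_sa_id_number().
SA_ID_CANDIDATE_RE = re.compile(r"\b\d{13}\b")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn check over a string of decimal digits (check digit included)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def is_sa_id_number(candidate: str) -> bool:
    """South African ID numbers are 13 digits: YYMMDD date of birth, then
    sequence/citizenship digits, then a Luhn check digit."""
    if len(candidate) != 13 or not candidate.isdigit():
        return False
    try:
        datetime.strptime(candidate[:6], "%y%m%d")   # date prefix must be a real date
    except ValueError:
        return False
    return luhn_valid(candidate)


def scan_repository(text: str) -> dict:
    """Count personal-information markers in one repository's contents."""
    id_numbers = [c for c in SA_ID_CANDIDATE_RE.findall(text) if is_sa_id_number(c)]
    emails = EMAIL_RE.findall(text)
    return {"id_numbers": len(id_numbers), "emails": len(emails)}


def scan_repositories(repos: dict) -> dict:
    """repos maps repository name -> (owner, contents). Returns a data map:
    repository name -> owner, marker counts and a flag for the privacy register."""
    data_map = {}
    for name, (owner, contents) in repos.items():
        counts = scan_repository(contents)
        data_map[name] = {
            "owner": owner,
            **counts,
            "contains_personal_information": counts["id_numbers"] > 0 or counts["emails"] > 0,
        }
    return data_map


def flagged_repositories(data_map: dict) -> list:
    """Names of repositories that need an entry in the POPIA processing register."""
    return sorted(n for n, info in data_map.items() if info["contains_personal_information"])


# Constructed sample repositories (hypothetical names, owners and records).
# 8001015009087 passes the date and Luhn checks; 8001015009088 fails Luhn and
# must not be counted, even though it looks like an ID number.
SAMPLE_REPOS = {
    "hr_share/employees.csv": (
        "HR",
        "name,id_number,email\nT. Example,8001015009087,t.example@example.co.za\n",
    ),
    "erp_export/vendors.txt": (
        "Procurement",
        "Vendor 042 contact: accounts@vendor.example  ref 8001015009088\n",
    ),
    "marketing/campaign_notes.md": (
        "Marketing",
        "Q3 campaign: launch on 1 August, budget approved.\n",
    ),
}

if __name__ == "__main__":
    result = scan_repositories(SAMPLE_REPOS)
    for name in flagged_repositories(result):
        info = result[name]
        print(f"{name}: owner={info['owner']} ids={info['id_numbers']} emails={info['emails']}")
```

In practice the crawler would walk file shares, database tables and ERP exports rather than an in-memory dict, and would record its findings in the organisation's processing register so that each repository has a named owner, which is exactly the ownership question the tip raises.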
