personal data Archives - SAP Africa News Center: News & Information About SAP

Six POPIA Tips for Securing Your ERP System

Mon, 16 Aug 2021

The full implementation of the Protection of Personal Information Act heralds a new era of control and privacy for South African citizens and organisations, and holds the promise of deepening trust between organisations and their customers – provided organisations remain fully compliant.

According to Cameron Beveridge, Regional Director Southern Africa at SAP, trust is the key to success in the digital economy.

“Privacy and trust are essential elements in building strong connections with customers and ensuring a positive customer experience (CX) in today’s business environment.”

“In fact, some studies have found that up to 90% of customers believe how their data is treated is indicative of the way they will be treated as a customer, and 91% won’t purchase from a company if they don’t trust how their data will be used.”

Cyberattacks complicate compliance

Protecting customer privacy and data is complicated by a growing global cybercrime industry that has increasingly targeted the supply chains of major organisations and economic powers.

Recent ransomware attacks on key US infrastructure have garnered front-page attention. In one example, cybercriminals successfully shut down the Colonial Pipeline, .

With data breaches , and the Protection of Personal Information Act now fully in effect, the stakes for protecting systems from data breaches have never been higher.

“Enterprise resource planning systems are nerve centres of modern intelligent enterprises, making them prime targets of cybercriminals,” says Beveridge.

“Attackers know these systems run business-critical applications and house sensitive information, so any data breach could provide access to information they can later use in the service of cybercrime activities.”

Taking ‘all reasonable steps’

One of the key requirements of POPIA is that organisations have to ensure they take ‘all reasonable steps’ to secure the data of their customers, partners, suppliers and employees.

“The best run organisations have integrated end-to-end processes that cover the entire breadth of their operations,” explains Beveridge.

“The productivity and efficiency gains resulting from this are undeniable. However, the wealth of data processed and stored by such systems creates an attractive target for cybercriminals.”

The amount of transactional data in typical ERP systems, for example, represents a veritable gold mine to cybercriminals, as does the information about vendors, suppliers and partners.

“The more cybercriminals know about the internal operations of a business, the easier they will find vulnerabilities to exploit. However, it’s not only cybercriminals that pose security or compliance risks.”

Research conducted by IBM and the Ponemon Institute found that the three main causes of data breaches in South African businesses were malicious or criminal attack (48%), human error (26%) and system glitches (26%).

“POPIA adds further pressure on organisations by both raising the bar for privacy management and by its extensive reach and applicability within modern enterprises,” says Beveridge.

“Organisations risk underestimating the level of effort required to implement the necessary process and technology changes to be compliant.”

POPIA tips for security and compliance

Beveridge believes the following tips can assist organisations as they strive for full POPIA compliance while also safeguarding their critical business IT infrastructure from malicious attack or negligence.

  • Maintain balance – effective data management can give organisations a competitive edge, but proper assessment needs to take place early on to ensure regulatory compliance.
  • Keep it simple – organisations should simplify their governance by establishing a governance model that is aligned with requirements and best practices, and start by evaluating their readiness for POPIA compliance.
  • Stay on top – by operationalising privacy management and incorporating ways to identify business processes that need to meet privacy compliance requirements, organisations can keep a close watch on any internal processes that should be changed to remain compliant as the business evolves.
  • Automate away – data mapping or data crawler solutions can reduce the time and effort needed to identify all repositories of personal information, as well as their owners within and outside the organisation.
  • Educate employees – every employee needs to understand their responsibility under POPIA, which requires regular and ongoing education and training. Organisations should prioritise a process of ongoing POPIA and cybersecurity training to ensure alignment throughout the business.
  • Integrate threat detection – an enterprise threat detection solution can provide insight into suspicious activities in an organisation’s ERP and related business applications, allowing the organisation to identify breaches as they occur and react in real time to neutralise any dangers.

Personal Data Protection Compliance Made Easy

Thu, 15 Jul 2021
Much like the Protection of Personal Information Act (POPIA), which became fully operational from 1 July 2021, and substantially impacts the recording and disclosure of personal information, the General Data Protection Regulation (GDPR) is a European Union (EU) law that gives consumers greater protection and control of their personal data.

Being a global system, SAP Business One has been GDPR compliant since 2018. The same GDPR system compliance processes are relevant to POPIA in South Africa, which is great news for local customers.

Compliance in four easy steps

Andre Adendorff, Director of Presales at Seidor Africa, says there are four easy ways in which SAP Business One makes compliance with POPIA easier for organisations that may be feeling the heat when it comes to POPIA readiness.

1. With SAP Business One, organisations can easily determine and discover which data held in the system is personal, through the identification of natural persons.

Natural persons are real human beings, as distinguished from entities like corporations. Sensitive personal data for natural persons is encrypted by default and accessible to authorised users only.

“Once Personal Data Protection is enabled, the system has easy built-in tools to enable users to find personal information,” says Adendorff. “It allows users to identify natural persons and once that has been done, personal data is flagged. In the instance where there’s a request or an inquiry about personal data, a standard report is produced, describing what kind of data is being held, and automatically masking sensitive personal data such as passport numbers, ID numbers and bank account details.”

2. The ability to block/unblock access to the personal data held in the system.

According to various regulations around the world, the recording and retaining of personal data should be for specific purposes and processes; once the purposes expire and processes are finished, the personal data should be deleted. However, after personal data retention periods expire, extensions or overrulings may be given as mandated by law. Personal data access can be blocked whilst data can be retained where required. The system allows organisations to manage their obligation to block access to personal data of natural persons held in SAP Business One. Once blocked, personal data is retained but made invisible to users or is unblocked again.

“This enables the organisation to decide how it wants to interact with the data it holds,” Adendorff explains. “Personal data may be blocked upon request, and then unblocked for a particular purpose.”

3. Clean up and permanently erase personal data held in the system.

As mentioned in point 2, according to various international regulations, including POPIA, the recording and retaining of personal data should be for specific purposes and processes; once the purposes expire and processes are finished, the personal data should be deleted. In addition, natural persons can request the erasure of their personal data.

“SAP Business One has the tools to manage a company’s obligation to erase the personal data of natural persons held in the system,” says Adendorff.

4. View which staff changed personal data and who accessed the system.

Authorisations allow specific users in SAP Business One to view, create, and update parts of the system that they have been assigned access to. “By controlling who has authorisation to access different parts of the system, companies also can control access to the data in the system,” says Adendorff.

Adendorff adds that with POPIA, organisations using older, pre-GDPR versions of SAP Business One are encouraged to speak to their account managers to seek guidance about upgrades. “The features of SAP Business One can help you to manage your company’s obligations towards the protection of personal data, in conjunction with your company’s own personal data protection policy.”

Using technology for POPIA compliance has the power to not only make it easier for companies, but it also mitigates risk exposure, data breach and cyber-attacks.
