With Facebook CEO, Mark Zuckerberg, currently, in the hot seat for the Cambridge Analytica data scandal, the public is reminded all too well of the consequences of inadequate data protection protocols. In today’s world, every bit of our lives is connected to storing our data remotely somehow. From seeking information to engaging with social media platforms, online purchases, using a smartphone in any way and the list goes on and on. The more we engage, the more data we are creating, and in turn, the more data is collected about us as individuals.
And even though the current Facebook muckraking affect South Africans as well, we tend to forget we too were victims of a data leak just a few months ago.
Cases like these (and many others) are exactly why laws like the Protection of Personal Information (POPI) and General Data Protection Regulation (GDPR) acts were put into place.
What is POPI?
With the POPI legislation coming into full effect in the near future, let’s take a closer look as to what exactly it is protecting. Workpool.co nicely summarises the POPI act as follows:
“The purpose of the PoPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way.”
This legislation places emphasis on bridging the gap between South African Protection laws and international standards. This ensures that citizens' personal information is treated as sacred and confidential. Individuals are seen as the sole owners of their personal information and have the full rights to exercise control over their it.
Businesses, therefore, have to comply with the legislation standards and make sure they take every necessary step to protect their consumers. The legislation states businesses have 12 months to fully implement POPI once the full law has been passed.
POPI vs GDPR
GDPR is an EU based law for Data Protection. The details of POPI and GDPR legislation are very different, but ultimately, they are different types of data protection laws. Both POPI and GDPR strive to protect the personal data of individuals.
However, the EU and South Africa have long-standing trade agreements in place. Analysts have therefore predicted that South African Parliament may have to amend the POPI act to better comply with GDPR standards.
Considering PSD2
Data Privacy protection and Payment Service Directive (or PSD) go hand in hand. As another EU directive, PSD directive was replaced by PSD2 in 2015. PSD2 aims to increase competition and participation in the payments industry by opening up this platform to extend further than the banking industry and also focusing on consumer protection and the rights and obligations for payment providers and users.
“In short, PSD2 enables bank customers, both consumers and businesses, to use third-party providers to manage their finances. In the near future, you may be using Facebook or Google to pay your bills, making P2P transfers and analyse your spending, while still having your money safely placed in your current bank account. Banks, however, are obligated to provide these third-party providers access to their customers’ accounts through open APIs (application program interface). This will enable third-parties to build financial services on top of banks’ data and infrastructure.”
~ Viola Hellstrom, VP Communications Finacial Services at EVRY
Companies implementing taking advantage of PSD2 should make sure they, as well as the new payment providers, are taking the correct steps to ensure customers data privacy according to POPI and GDPR.
How Does This Affect South African Businesses?
Every business that handles personal information of individuals, no matter how insignificant, will have to ensure that they are following POPI protocol. The primary focus of implementation will probably fall heavily on the financial sector as they hold a significant amount of clients’ details.
POPI states there are eight conditions for the lawful processing of personal information:
- Accountability
- Processing limitation
- Purpose specification
- Further processing limitation
- Information quality
- Openness
- Security Safeguards
- Data subject participation
Businesses have a year to reorganise data handling to comply with POPI and failure to do this could result in court settlements or even incarceration in extreme cases.
How Individuals Can Protect Themselves
As with any legislation, POPI cannot fully guarantee that South Africans will not be affected by their data being compromised. It does, however, give citizens the power to challenge parties or organisations that they feel have misused their personal information. Of course, the proof will have to be submitted in accordance with the POPI act.
How iTouch Handles Data Protection
As a service provider, we work with Global clients with large amounts of personal data. We always advise our clients to adhere to Data Protection laws such as POPI and GDPR and have drawn up extensive documentation and protocols to make sure we adhere to the standards as well.
How We Protect Your Data
With services provided by iTouch being fully dependent on technological infrastructure, it is crucial to ensure effective cybersecurity to protect networks, computers, programs and data from attack, damage or unauthorized access.
Hence, we embarked on a journey spanning over a number of years to ensure that we take all the necessary steps to secure our environment to the satisfaction of our most demanding clients, namely the banking sector. External assessments by security experts were conducted, both from the outside and inside of our environments to ensure compliance.
So, you can now be certain your customers’ data is safe from abuse and therefore mitigating a key risk to your business.
“As a vendor to major Banks in many different countries it is essential that we as iTouch consider Data Protection as a critical component to our business, and therefore yours”.
~ Waheed Adam, Executive Chairman, iTouch
Contact Us
Being experts on high standards of data protection, and our longstanding reputation that proves same, you can be assured that your sensitive data is in good hands. Contact us today to understand how we can help you and your business by mitigating any risk of falling foul of regulation.
Sources: