Intelligent CIO Africa Issue 18 | Page 22

TRENDING
Daniel Lötter, Head: Bids and Tenders at Itec Southern Africa
Gregg Petersen, Regional Sales Vice President, Middle East & Africa at Veeam
data management, ownership and control are becoming hot topics and won’t go away.
So, governments and societies are responding to protect this resource, as well as the sources that provide the data.
South Africa has its own data-centric legislation, the Protection of Personal Information (PoPI) act. GDPR’s arrival is a sign that local organisations must look closely at their compliance.
“The similarities between GDPR and PoPI are huge,” said Lötter. “There are some small and crucial differences around transactional data, but otherwise they are very similar. Even if a local business doesn’t require GDPR compliance, chances are much greater that they need to be in step with PoPI. In that light, GDPR is an opportunity for local businesses to reflect on their PoPI status and start making the right changes.”
GDPR and PoPI compliance impact many different parts of a company. But a prime component is data security, which is why Itec is launching a new security solution to help local companies of all sizes.
“We have launched a partnership with First Distribution to bring the Veritas security solution to our customers. This will create a security service with different tiers for various types of organisations. The solution is geared towards PoPI compliance, so this will help focus on customer information, which lies core to both GDPR and PoPI requirements.”
Meanwhile, Petersen says the new GDPR should be treated as the starting block for more comprehensive personal data management in the modern age and action on compliance shouldn’t be left to the last minute.
Therefore, businesses need to go about protecting their processes with a ‘privacy by design’ approach, which can be done in a number of ways, all of which will ensure that yours is not the business the Information Commissioner’s Office (ICO) turns its gaze on.
Remain transparent and secure
Thanks to many well-publicised data breaches in the last few years, the public are now more aware and concerned about their data security than ever before. Under the GDPR, consent for collecting data will be an active activity – users will need to opt in.
Similarly, people will soon be able to exercise a variety of rights over their personal data. They’ll be able to place limits on the use, collection and disclosure of their personal information against organisations. Data controllers will need to be able to fulfil these obligations, not just for compliance reasons, but for customer service and brand reputation reasons as well.
It’s important to have processes and resources in place that can support this significant change; being clear and transparent on your intentions should be key. But it’s also important to balance privacy and security. An article from CSO discussed the risk of allowing GDPR rules to overrule security standards. It’s vital to constantly have one eye on the safety and availability of data, as well as its privacy. There’s a very real possibility that the first GDPR fine could come as a result of this tension.
Consider end-to-end security
One of the first pieces of advice a Data Protection Officer or GDPR expert will offer is to put the time and energy into building a comprehensive data map. This should let you quickly see where data is entering your organisation, how it is being collected and the type of infrastructure and storage solution that underpins its existence.
By now, every business should have done that. So, the next step is to retain a proactive, rather than a reactive, approach to data management, availability and security.
What that looks like in practice will vary by business. But regardless of size or structure, every organisation will need to adopt an ongoing plan for data monitoring and protection that includes strategies for availability and backup, should a breach occur. These plans must be flexible enough to take into account the continuously shifting data landscape, and will require involvement from all areas of the business, not just the IT department.
The new age of GDPR
The cost of non-compliance is steep. But the question remains, who and what will the regulators be looking at? Will their attitude be lenient, or will they look to make examples of the first to fall?
Only time will tell. But we can speculate on the type of organisations that may get stung first. It’s safe to rule out the public sector, for fines could easily bankrupt many essential services. Yet other sectors may not be so lucky. To stay protected, all organisations need to treat GDPR as an ongoing project, not just a one-time event.
At Veeam, we believe that the new GDPR should be treated as the starting block for more comprehensive personal data management in the modern age. As such, action on compliance shouldn’t be left to the last minute. It must be treated with the same gravitas as any other major strategic business decision, like expansion or wider digital transformation initiatives.