Daniel Lötter, Head: Bids and Tenders at Itec Southern Africa
Gregg Petersen, Regional Sales Vice President, Middle East & Africa at Veeam
data management, ownership and control are becoming hot topics and won’t go away.
So, governments and societies are responding to protect this resource, as well as the sources that provide the data.
South Africa has its own data-centric legislation, the Protection of Personal Information (PoPI) Act. GDPR’s arrival is a sign that local organisations must look closely at their compliance.
“The similarities between GDPR and PoPI are huge,” said Lötter. “There are some small and crucial differences around transactional data, but otherwise they are very similar. Even if a local business doesn’t require GDPR compliance, chances are much greater that they need to be in step with PoPI. In that light, GDPR is an opportunity for local businesses to reflect on their PoPI status and start making the right changes.”
GDPR and PoPI compliance impact many different parts of a company. But a prime component is data security, which is why Itec is launching a new security solution to help local companies of all sizes.
“We have launched a partnership with First Distribution to bring the Veritas security solution to our customers. This will create a security service with different tiers for various types of organisations. The solution is geared towards PoPI compliance, so this will help focus on customer information, which lies core to both GDPR and PoPI requirements.”
Meanwhile, Petersen says the new GDPR should be treated as the starting block for more comprehensive personal data management in the modern age, and action on compliance shouldn’t be left to the last minute.
Therefore, businesses need to go about protecting their processes with a ‘privacy by design’ approach, which can be done in a number of ways, all of which will ensure that yours is not the business the Information Commissioner’s Office (ICO) turns its gaze on.
Remain transparent and secure
Thanks to many well-publicised data breaches in the last few years, the public are now more aware and concerned about their data security than ever before. Under the GDPR, consent for collecting data will be an active activity – users will need to opt in.
Similarly, people will soon be able to exercise a variety of rights over their personal data. They’ll be able to place limits on the use, collection and disclosure of their personal information against organisations. Data controllers will need to be able to fulfil these obligations, not just for compliance reasons, but for customer service and brand reputation reasons as well.
It’s important to have processes and resources in place that can support this significant change; being clear and transparent on your intentions should be key. But it’s also important to balance privacy and security. An article from CSO discussed the risk of allowing GDPR rules to overrule security standards. It’s vital to constantly have one eye on the safety and availability of data, as well as its privacy. There’s a very real possibility that the first GDPR fine could come as a result of this tension.
Consider end-to-end security
One of the first pieces of advice a Data Protection Officer or GDPR expert will offer is to put the time and energy into building a comprehensive data map. This should let you quickly see where data is entering your organisation, how it is being collected and the type of infrastructure and storage solution that underpins its existence.
By now, every business should have done that. So, the next step is to retain a proactive, rather than a reactive, approach to data management, availability and security.
What that looks like in practice will vary by business. But regardless of size or structure, every organisation will need to adopt an ongoing plan for data monitoring and protection that includes strategies for availability and backup, should a breach occur. These plans must be flexible enough to take into account the continuously shifting data landscape, and will require involvement from all areas of the business, not just the IT department.
The new age of GDPR
The cost of non-compliance is steep. But the question remains, who and what will the regulators be looking at? Will their attitude be lenient, or will they look to make examples of the first to fall?
Only time will tell. But we can speculate on the type of organisations that may get stung first. It’s safe to rule out the public sector, for fines could easily bankrupt many essential services. Yet other sectors may not be so lucky. To stay protected, all organisations need to treat GDPR as an ongoing project, not just a one-time event.
At Veeam, we believe that the new GDPR should be treated as the starting block for more comprehensive personal data management in the modern age. As such, action on compliance shouldn’t be left to the last minute. It must be treated with the same gravitas as any other major strategic business decision, like expansion or wider digital transformation initiatives.