What is reasonable when it comes to PoPIA?

Another post following #ITWebGDPR2018 earlier this month. In his talk on the cost and compliance obligations of the GDPR, governance specialist Peter Hill made the point that risk, as it is referred to in the regulation, refers to risk from the perspective of the data subject. In other words, companies implementing GDPR, and PoPIA, must…

information privacy

PoPIA needs attention now!

A typical response to questions around PoPIA compliance is “we don’t need to worry about PoPIA (the South African Protection of Personal Information Act) until it’s fully implemented”. I’ve heard similar comments at several conferences. It seems that South African companies are waiting until the last minute and assuming that they will have enough time…

POPIA and the data lifecycle

Are you ready to manage your own data breach?

“breach”: An act of breaking or failing to observe a law, agreement, or code of conduct. A break in relations. A gap in a wall, barrier, or defence, especially one made by an attacking army. (Oxford English Dictionary) Last week’s revelation that the personal information of over 30 million South Africans has been compromised. The exposure…

sassa

SASSA controversy and “creepy” data

Many South Africans will be familiar with the recent controversy over the renewal of the Net1 contract to pay social grants. I prefer not to engage with the merits of the Net1 decision – ultimately I do not have access to the facts. The realities of whether an alternative could have, or should have, been…

GDPR

What is GDPR and why should we care?

Until a couple of weeks ago, I had never even heard of GDPR – the new General Data Protection Regulation set by the European Union (EU). And yet, for companies offering or wanting to offer services to clients located in Europe, the implications of infraction are clear: very high fines. This new European legislation, which…