The Protection of Personal Information (PoPI) Act will alter how data is managed in South Africa. While the official deadline is yet to be announced, businesses will be mandated to protect their customer data. For small to medium-sized businesses (SMBs) the new regulation around data security can seem daunting.
“Businesses who do not abide by PoPI regulations could incur financial penalties, revenue losses, and in some cases, even imprisonment. For SMBs this can prove fatal for their business – the sooner they start preparing for PoPI, the easier the transition process will be,” says Thomas Vollrath, head of SMB-focused hosting company 1-grid.com.
PoPI, like the European General Data Protection Regulation (GDPR) which came into effect in May this year, will give individuals more control over their personal data. It will ensure that companies are more transparent in the way they use customer information. The legislation will force organisations and businesses to take responsibility for the way they handle data.
“As a hosting partner, our customers expect the highest levels of security and confidentiality. Our reputation is totally dependent on how we protect their data. This principle also applies to our customer’s customer – the core asset for any business,” says Vollrath.
SMBs often have a smaller profit margin, which means they cannot afford to pay fines or taint their reputation by not being PoPI compliant. “Customers are likely to pledge loyalty to companies that they trust – this can give SMBs a competitive edge,” says Vollrath.
Own an SMB? Here’s how you can become PoPI compliant:
- Have strict data protection policies and regulations: Draft data security policies that outline how your personal customer information should be stored, processed and secured. The regulations must also outline the procedure should there be a data breach. Share this protocol with your employees and ensure they understand the implications of a data leak.
- Secure access points: Change passwords frequently and monitor employee log-ins to help protect data. Remember data leakage includes the accidental or intentional exposure of information by your employees. Train your team to be vigilant and make them aware of potential cyber-attacks – this should be an important part of training and form part of your overall business strategy.
- Invest in the right technology: SMBs need the right data and document processing applications – this is the first step towards becoming compliant. For those companies that only have the bare minimum amount of e-mail security and archiving and data storage, becoming PoPI compliant will take some time.
- Engage a trusted partner as an information officer: This person or organisation will advise and ensure that your data is protected and managed through stringent compliance processes.
1-grid.com offers generic top-level domain, web and email hosting, SSL certification, website design and online marketing expertise to their customers.