GDPR, POPI Compliance and The Impact of Data Breaches
South African enterprises now face, more than ever, the prospect of serious liability due to data non-compliance, poor governance, and increasing data breaches and cyber attacks.
The European Union's General Data Protection Regulation (GDPR) and the Protection of Personal Information (PoPI) Act require sound data governance to ensure that the impact of any potential data breach can be quickly understood, communicated to regulators, and promptly reversed.
Data compliance and governance ensure that the enterprise can deal with cyber crises such as the recent Liberty data breach, in which an undisclosed number of emails were accessed, resulting in personal data being compromised.
In fact, South African enterprises – including Liberty – should pay particular attention to the management of personal data for their clients, EU and non-EU citizens alike, and specifically if different systems and servers host this sensitive data.
Our Integrated Management System (MSX) merges all organizational systems and processes into one common cohesive framework that drives business excellence and ensures continual improvement. MSX enables business leadership to view management performance across the business activities and helps leaders make informed, actionable decisions.
Since the enforcement of GDPR in May, many companies are now required to comply with it because they may be holding data belonging to EU citizens, regardless of where this data is hosted – locally or worldwide. Closer to home, POPI aims to achieve the same with the personal information of South African citizens.
Data compliance needs to become a mandatory process for multi-national organisations juggling customer, supplier and staff data on multiple systems. Enterprises need to ensure that their data is safely stored, encrypted, and protected against hacking attempts.
Meanwhile, data governance is a necessary step to better prepare and manage sensitive data in the event of breaches, theft and cybercrime.
Enterprises have to rely on proper expertise, controls and regulatory assistance to combat such malicious attacks. They also have to consider the legal and financial implications resulting from non-compliance, security breaches and poor data management.
Is your organisation prepared to deal with data protection regulations, data governance and security risks?
MSX Cyber, part of the XGRC product range, helps organisations drive performance and compliance with its integrated information security management system built on the ISO 9001 Quality and ISO 27001 Information Security frameworks.