Five questions to ask your leadership team before the POPIA grace period ends

South Africa’s Protection of Personal Information Act gives individuals more control over how their personal information is collected, processed, and used by private and public bodies. The Act requires such bodies (AKA responsible parties) to meet several minimum requirements for the lawful processing of data – and the grace period is almost over. From 1 July 2021, SA organisations must be compliant. Are you ready? Ask your leadership team these five questions to check that key areas of accountability have been addressed…

1 | Do we have a registered Information Officer?

As a responsible party, you are required to register your Information Officer with the Information Regulator by 1 July 2021.

You can do this online via the Information Officer Registration Portal on the Information Regulator’s website, where electronic and PDF versions of the registration form are available. The portal also contains relevant documentation, including guidance notes, official notices, and policies.

Remember, your Information Officer (IO) is the person responsible for making sure your organisation adheres to POPIA. They need to encourage and ensure your organisation’s compliance with POPIA, deal with any information access requests pursuant to the legislation, and work with the Information Regulator in relation to any investigations conducted in terms of POPIA.

They also need to see to it that an organisational compliance framework is developed, implemented, monitored and maintained, and that internal awareness sessions are conducted regarding the provisions of the Act, among other duties. The IO’s responsibilities are listed in Section 55 of POPIA and in the POPIA Regulations.

2 | Do we have adequate security measures in place?

As a responsible party, you are required to secure the integrity and confidentiality of personal information in your possession or under your control.

According to Section 19 of POPIA, this includes the implementation of “appropriate, reasonable technical and organisational measures” to prevent loss of, damage to, or unauthorised destruction of personal information.

Whether you manage personal data on paper or online, POPIA calls for you to identify all reasonably foreseeable internal and external risks to the data; establish and maintain appropriate safeguards against the risks identified; regularly verify that the safeguards are effectively implemented; and ensure that the safeguards are continually updated in response to new risks.

In addition, POPIA decrees that you must have “due regard to generally accepted information security practices and procedures” which may apply to you generally, or which may be required in terms of specific industry or professional regulations (e.g., hospitals are expected to have strict security measures in place to protect the detailed, sensitive medical records of their patients).

3 | Do we know what to do in the event of a data breach?

As a responsible party, you are required to report security compromises to the Information Regulator and the data subject(s) involved as soon as reasonably possible.

Section 22 of POPIA describes the obligations of the responsible party when there are “reasonable grounds” to believe that the personal information of a data subject has been accessed or acquired by an unauthorised person.

You should have a comprehensive incident response plan on hand to guide your actions in the event of a data breach, data leak, or cybersecurity incident. Make sure that your IO and key members of your leadership team follow a systematic process to identify the incident, respond appropriately, escalate where necessary, and communicate clearly in line with POPIA’s stipulations.

If you fail to notify data subjects in such circumstances, you could face imprisonment, fines, or both. Remember, you must notify affected parties in writing as soon as reasonably possible after the discovery of a security compromise.

4 | Do we have employee training initiatives in place?

As a responsible party, you should ensure that your employees are educated about basic information security protocols and procedures.

From your Human Resources Department, which handles sensitive staff info, to your employees themselves, who may manage personal data from customers, suppliers, and service providers, your teams have to deal with personal information on a regular basis.

Make sure everyone in your organisation is familiar with POPIA’s requirements – and that individual staff members, line managers, and department heads understand their duties and responsibilities when it comes to data processing, data management, and data security.

Educate your personnel about the collection, use, and storage of personal information under POPIA, and remember that they may need specialised training for new systems and new productivity tools deployed now, or in the future.

5 | Do we understand the risks of non-compliance?

As a responsible party, you could face hefty fines or imprisonment if you’re found to be in contravention of the law.

There are civil and criminal consequences for non-compliance with POPIA. Section 99 of the Act describes how a data subject (or the Information Regulator, at the request of a data subject) may institute civil action against a responsible party for breach of POPIA.

Offences, penalties, and administrative fines are outlined in Chapter 11 of the legislation. If you are convicted of an offence in terms of POPIA, you could be fined up to R10-million, or imprisoned for up to 10 years.

Non-compliance also poses a risk to your reputation: public trust in your organisation could be eroded overnight if you suffer a data breach, and serious brand damage could cripple your business irrevocably.

Get expert help for all your data security needs.

The BUI Cyber Security Operations Center is the first of its kind in Africa. Take a look inside to see how our security experts protect and defend critical data 365 days a year.

Or contact our team directly to learn more about next-generation security solutions to safeguard your personal information, customer files, and business resources.

Another first! BUI earns Windows Virtual Desktop Advanced Specialization

We are thrilled to be the first Microsoft Partner in South Africa to have earned the new Windows Virtual Desktop Advanced Specialization.

This accomplishment follows our recent accreditation as an Azure Expert Managed Services Provider, and makes BUI the only Microsoft Partner on the African continent with both Azure Expert MSP status and advanced Windows Virtual Desktop capabilities.

Introduced by Microsoft in September this year, the Windows Virtual Desktop Advanced Specialization recognises Partners with the knowledge and experience to implement, optimise, and secure virtual desktop infrastructure that allows remote end-users to access the tools they need safely and easily, on any web-enabled device.

“From the deployment of Windows Virtual Desktop environments to the management of virtual desktop infrastructure on Azure, we are helping our customers to find scalable, cost-effective solutions for their business needs,” says BUI Co-founder and Chief Technology Officer Willem Malan.

“Enterprises are already looking to the future and planning for a post-COVID-19 world, and we are seeing a greater emphasis on flexibility and security as stakeholders explore remote-work options for diverse employee groups,” continues Malan. “Virtual desktops enable productivity as usual, even in unusual times, and I think the demand for this kind of functionality will continue to grow as companies adapt to the changing business landscape,” he adds.

To earn the Windows Virtual Desktop Advanced Specialization, Microsoft Partners must pass a rigorous third-party audit, which Malan explains is designed to assess more than just technical aptitude.

“Our ability to facilitate a customer’s move to Windows Virtual Desktop is scrutinised and measured from every angle. This achievement is a testament to our top-line expertise as well as our proven success in delivering virtualised Windows desktops and applications that are secure, compliant, and tailored for the modern workplace,” he says.

Empowering people to work remotely – from their homes, offices, or on the go – is critical for business continuity in a changing world. The Windows Virtual Desktop solution delivered through our a2zManaged modern managed services practice offers a comprehensive, end-to-end managed virtual desktop environment, with several advantages:

  • Affordability. Reduce overall costs with pooled, multi-session resources.
  • Accessibility. Immediate access to Windows Virtual Desktop from any web-enabled device.
  • Availability. Windows Virtual Desktop is currently available for all geographic locations.
  • Flexibility. Get a fully scalable desktop virtualisation environment in your Azure subscription.
  • Security. Leverage Azure Active Directory to unlock security features like MFA and SSO.

“Microsoft Azure is an exceptionally powerful platform, and we are leveraging its versatility to help our customers reimagine business productivity. With comprehensive virtual desktop technology and a trusted partner on hand from server to screen, remote work becomes not only possible, but feasible, too,” notes Malan.

BUI is committed to supporting customers through every stage of digital transformation. “We are determined to help organisations unlock the full value of their technological investments,” declares Malan.

“Advanced specializations like this one, alongside our complementary abilities in Adoption and Change Management, position us to deliver tailor-made solutions that enable business teams to thrive in the new world of work,” he concludes.

Need help creating a secure remote-work environment for your team?

Our specialists can enable, manage, and support your Windows Virtual Desktop environment – from the server to the screen.

Download our Windows Virtual Desktop brochure for more information on cloud-driven productivity solutions for the modern workplace.

BUI Is The 2020 Microsoft South Africa Partner Of The Year

Congratulations, Team BUI! We have won the 2020 Microsoft South Africa Partner of the Year Award! Earlier this evening, BUI was honoured among a global field of top Microsoft Partners for demonstrating excellence in innovation and implementation of customer solutions based on Microsoft technology.

Managing Director Ryan Roseveare is thrilled with this accolade! It’s not the first time we’ve taken home this trophy, but it’s a particularly special achievement for us in 2020, the year of our 20th corporate anniversary. “We’re honoured to be recognised for delivering innovative, impactful solutions that make our customers more secure, more productive, and more competitive,” Roseveare said.

“Every team member works to ensure that our customers get the best service, the right resources, and real value, every time,” he added.

The Microsoft Partner of the Year Awards recognise Microsoft Partners that have developed and delivered exceptional Microsoft-based solutions during the past year. Awards are classified in several categories, with honourees chosen from a set of more than 3 300 submitted nominations from more than 100 countries worldwide.

BUI was recognised for providing outstanding solutions and services in South Africa.

“Digital transformation and security remain key concerns for South African businesses,” Roseveare said, explaining that BUI is working closely with Microsoft to create platform-specific solutions that address these challenges, while actively driving cloud adoption and providing cutting-edge security services from the BUI Cyber Security Operations Centre.

“Winning the Microsoft country partner award this year is a wonderful acknowledgement of our efforts to support local enterprises as they embrace new tools and technologies for a better tomorrow,” he concluded.

This year’s award announcement was a preliminary celebration ahead of the annual Microsoft Inspire conference, where Partner of the Year winners are also feted.

“It is an honour to recognise the winners and finalists of the 2020 Microsoft Partner of the Year Awards,” said Gavriella Schuster, corporate vice president, One Commercial Partner, Microsoft. “These partners go above and beyond, delivering timely solutions that solve the complex challenges that businesses around the world face – from communicating and collaborating virtually to helping customers realise their full potential with Azure cloud services, and beyond. I am proud to honour and congratulate each winner and finalist.”

Take a bow, Team BUI. Successes like these are possible because of the passion and commitment you show every day. Thank you, and well done.