New sections of the POPI Act came into effect on 30 June and 1 July, and businesses need to ensure they are compliant.
This means understanding what these new sections of the POPI Act entail and whether your data storage protocols abide by them.
Cyber Security Manager at ViC IT Consulting and certified Micro Focus instructor Prischal Bahgoo provides insight into the new sections of the POPI Act and how businesses can remain compliant.
New sections of the POPI Act
Section 13 of the POPI Act dictates that you can only collect personal information for an explicitly defined and lawful purpose.
Additionally, the subject must be aware of the purpose for which this information is being collected.
Section 14 expands upon this by stating that once this information is no longer needed for the specific purpose for which it was collected, it must be disposed of – unless you need to, or are allowed to, keep it by law.
Two other reasons that can justify you keeping this information are if you need it for your own lawful purpose or in accordance with a contract between you and the subject; or if the subject has said you may keep this data.
It is therefore crucial that businesses know where customer data is stored, how long it has been stored for, and how long it needs to be stored for.
Another important consideration given the current increase in employees working remotely is that the devices these employees use must not result in contravention of the POPI Act.
This is a matter of urgency and can be done through the implementation of multiplatform Mobile Device Management.
Section 18 of the POPI Act dictates an in-depth list of details which the subject must be made aware of, which includes who has their data, the details of how their data is being stored, and who has access to this data.
The subject must be aware of this information before the data is collected from them, unless the subject is already aware of these rights.
How Micro Focus can help your business
As a trusted name in the software industry, Micro Focus has developed a variety of innovative ways to help businesses cover compliance risk around POPI.
Micro Focus Structured Data Manager, through its ability to search for certain ‘grammars’ can search for the same type of data which resides in different locations or databases.
Through database-to-database archiving you can choose to relocate data from production databases to a secondary, online archive database, allowing you to archive data in its original format.
As a result of this, you gain the benefit of reducing the size of your primary databases, which has a two-fold effect:
- Dramatic acceleration of end-user access to production data.
- In-house database administrator skills are sufficient.
Micro Focus’s Voltage SecureData can also help you abide by the POPI Act through its end-to-end data-centric approach to enterprise data protection.
It is the only comprehensive data protection platform that enables you to protect data over its entire lifecycle without exposing live information to high-risk, high threat environments.
While POPI may seem daunting, partnering with Micro Focus can make the process much simpler.
This article was published in partnership with Micro Focus.