POPIA has thrust data governance into the limelight for South African businesses, but dealing with POPIA compliance can be difficult because the various stakeholders speak very different languages.
It is therefore critical that you have the right infrastructure in place to help these parties work together towards POPIA compliance.
In the third and final episode of Microsoft’s POPIA Compliance Series, Aki Anastasiou speaks with Michalsons attorneys John Giles and Mark Heyink, as well as Modern Work Specialist at Microsoft Catherine De Klerk, about how Microsoft technology can help to bridge the gap between your IT team and your lawyers.
As Giles highlights, this gap exists because law courses don’t offer tech-related courses, and IT courses don’t offer courses in business law and compliance.
Key to helping your technical experts and your legal team work together is the information officer, who serves as a middle-man between these two groups.
“The information officer is by default the head of the organisation or the CEO for a private body, whereas for public bodies it depends on a number of factors – but even in these organisations it is essentially the head of the body,” explained Giles.
How Microsoft can help
While the information officer is important, it is also crucial that you have the right tools to allow the relevant parties within your organisation to perform their compliance roles.
“We’ve got a lot of these solutions built into our Office 365 services that allow technical personnel to look at a regulation, see what the controls are against that regulation, and determine the measures they need to put in place in order to comply with that regulation,” said De Klerk.
De Klerk also highlighted how Microsoft Compliance Manager allows organisations to set different roles for different staff – as it is not just your IT staff who are interacting with your compliance efforts.
“Before, the admin had access to everything, but now we’ve got a compliance role and we’ve got different data roles so that you can keep those barriers in between different groups,” said De Klerk.
For example, somebody who is in a compliance role within your organisation might not have access to everything within the Microsoft Compliance Manager, but they need to have access to the controls and the policies that they need to put in place.
Likewise, business stakeholders will have access to the policies which involve them – ultimately meaning that each stakeholder can contribute to that which concerns them without having access to areas in which they are not the experts.