South Africa's Protection of Personal Information Act (POPI) was set to take effect from Wednesday, 1 April but this date has been delayed due to the COVID-19 outbreak.

Our country's closest reference for data protection legislation is Europe's GDPR (General Data Protection Regulations). Both these legislative frameworks provide greater protection rights to individuals, requiring companies to be more accountable for their handling of people's personal information by having data protection policies, data protection impact assessments and relevant documents on how data is processed.

While no new date has been set for POPI to take effect, the good news is that POPI and GDPR overlap in nearly all areas, which means that compliance with the GDPR should result in near-perfect compliance with POPI.

While organisations have made much progress in complying with GDPR, a study by Check Point® Software Technologies Ltd. shows that there is still much work to do, with an average of just under half (40%) of European companies not having sufficiently adapted to GDPR.

As organisations are mainly concerned with technical regulations, here are the three major barriers that could delay compliance, together with solutions to optimise security measures:

1. Data protection

To ensure the privacy of information, the essential prerequisite is a good security system that protects data. It is often the basic security measures that are the most difficult to implement; Check Point®’s study identified that only just under half (45%) of the participants have implemented standard security measures.

COVID-19 lockdowns have highlighted the basic measures that must also be taken into account if critical business functions are to remain operational, including:
  • updating operating systems, programmes and applications on all computers and mobile devices
  • showing employees the importance of reporting possible security incidents or breaches, and
  • avoiding reusing passwords in different services, as they can open the door to cyber-criminals.
All these changes, however simple they may seem, help to constitute a first level of security within a corporate data protection strategy.

2. Data encryption

Data mobility and the advent of COVID-19 have fast-tracked mixed working and, with it, the risks of security breaches. Even though the legislation obliges companies to encrypt all data they store, the study identified that only just over half (53%) of the participants had adopted a technological solution to encrypt data.

Whether physical (via USB or disk drive) or electronic (via software or cloud), security measures to prevent data leakage are critical, whether that leakage results from human error or from the loss or theft of devices with unprotected sensitive information.

3. Data loss prevention

With legislation requiring regular backups on a second medium (different from the one used for daily work), only half (49%) of the participants from the study had implemented data loss prevention solutions.

An optimal cybersecurity strategy must have a proactive approach based on the prevention of threats and risks. In navigating COVID-19 from a business perspective, the cloud has emerged as an optimal solution for hosting this data, since it also allows access from any computer and location.

Complying with these legislative guidelines is still a major challenge for many organisations. This means that the security of corporate data may be compromised at any time because of a cyber-attack.

Furthermore, remote working during COVID-19 has accelerated the risks derived from security breaches and data leaks originating from data mobility and the devices that store it — such as smartphones, laptops or even USBs — which barely have any security measures and leave corporate information exposed to any eventuality.

The safety measures prescribed by POPI and GDPR have never been more important than during this global pandemic and indeed in steadying businesses toward success moving forward. Regrettably, statistics indicate that several organisations are struggling to comply with the regulations.

For this reason, Check Point® has developed a new application called GDPRate to guide companies in following the essential points of an effective strategy for POPI and GDPR compliance. This tool also checks the organisation's preparation for the standards and safety requirements.

For more information, visit www.checkpoint.com. You can also follow Check Point® on Facebook or on Twitter.