TALKING BUSINESS
startling number of global cybersecurity
breaches, has helped refocus efforts
around compliance over the past 12
months. Companies understand the
value of data in addition to being able
to access it irrespective of location or
device used. The digital world means
data has become fundamental to build
competitive advantage and gain insights
on everything from buying behaviour,
customer preferences, conversion rates,
and customised offerings.
The steps these organisations are
taking to ensure compliance mirror
those of South African companies who
are pushing to get themselves ready
for PoPI. Aspects like understanding
how personal data is currently being
processed and how it needs to change
under new legislation, considering
appointing a Data Protection Officer
focused on all aspects of compliance,
and understanding cross-border data
flows must become part of standard
operating procedure.
Securing data
The traditional way of looking at data,
its availability, and security would
simply be to have backups in place. But
backups mean very little if they are not
easily accessible, the frequency with
which they are done is low, and the
quality of backup is poor. Ultimately
if the company is unable to restore
data from them, what’s the point in
doing them? With PoPI placing a lot
of attention on availability, frequent
testing becomes vital to ensure backups
are encrypted and kept in secure
locations whether in the cloud, on-premise,
or a combination of the two.
In many respects, the 3-2-1 backup
rule will come under renewed attention
because of this. It states that you need
to have three copies of your data, stored
on two different media types, with one
being offsite. Following this approach
enables the business to take a vital step
towards compliance with PoPI and other
regulatory requirements being delivered
globally, including the European Union’s
General Data Protection Regulation
(GDPR), which has requirements on any
business with European customers.
INTELLIGENTCIO
Structuring data management
Claude Schuck, Regional Manager for
Africa, Veeam
Mobile bugbear
Thanks to the growth of mobile and the
increased adoption of smart devices
to do business while away from the
office, enterprises are seeing the value
of using analytics and related business
intelligence offerings to gain value
from their data. And while mobile has
contributed to the growing importance
of data, it has also unwittingly become
one of the biggest loopholes around
adhering to regulations.
Not many companies consider the
value of data stored on mobile devices
as critical if they are lost or stolen. Yet,
these smartphones, tablets, or other
devices still contain intellectual property
that could significantly impact the
business if it is compromised.
And this is where acts like PoPI in South
Africa and GDPR in the European Union
fulfil vital roles in aligning what needs to
happen around data management and
best practice of implementation. With
the GDPR grace period ceasing in May
next year, Gartner says the threat of fines
of up to 20 million euros or 4% of annual
global turnover for breaching articles in
GDPR means companies in Europe are
seriously re-evaluating measures to safely
process personal data.
Irrespective of the pressures to
adhere to legal requirements, data
management in the connected world
is all about putting the structures and
processes in place to ensure data is
kept safe and managed properly. For
this to work, organisations need to
be more open towards continuous
benchmarking and testing their
data management strategies. This
will contribute to a more structured
approach and ensure all aspects of acts
like PoPI are adhered to.
In real terms, this data management
should already be happening.
If the PoPI Regulation were currently
operational, an organisation suffering a
data breach due to theft or cyberattack
would have a case to answer should it
be found that it did not take adequate
steps to protect the data, or if its security
defences were inadequate in protecting
such highly confidential information.
So often regulations are a ‘nice way’
of ensuring companies across industry
sectors behave in a proper and respectful
way. PoPI ensures organisations
understand the need to protect data
whether on-site or on the mobile devices
of employees. And, while some decision-
makers might be excused for rolling
their eyes and thinking that PoPI is
something that might never materialise,
the business benefits of managing data
effectively mean there are significant
returns to be had by embracing
compliant measures. Make no mistake
though, the sooner institutions start with
the process in order to properly comply
with this legislation, the better their
situation will be.