On Thursday 13 September, Itec South Africa in partnership with Printsol presented the POPIA and Data Security Business Breakfast. Media, staff and clients alike arrived at Workshop 17 in Sandton to a generously presented breakfast and freshly brewed coffee, looking forward to gaining professional insights on the implications and compliance requirements of POPIA (Protection of Personal Information Act). Although POPIA is only likely to come into effect in the first or second quarter of 2019, there’s a lot that can be proactively done right now.
Gavin Meyer, Executive Director of Itec South Africa, warmly welcomed attendees and encouraged everyone to tweet the event for a chance to win an iconic Montblanc pen and signed book by Ahmore Burger-Smidt, Director of Werkmans Advisory Services and advisor to international and South African companies on data privacy and compliance.
Craig Austin, CEO of Printsol Document Services, kicked off the event with a quick presentation on Printsol Document Services offered by Itec, highlighting the importance of a Document Management Strategy that considers regulations, compliance and security.
Ahmore Burger-Smidt captivated the audience with her insightful and easy to understand presentation on the meaning and impact of the act.
Key Takeaways from Ahmore Burger-Smidt on POPIA:
We as individuals need to be aware of and vigilant about who stores our information and why.
Within a business context, the time is now to implement a cross-divisional team lead by an Information Officer to start asking the right questions and start the change process as once the act is in place, there will be no tolerance for non-compliance.
From a company communications perspective, the direct marketing sector will face the most significant changes in gaining customer consent and managing the customer data securely.
A number of jurisdictions around the world have already implemented and are enforcing data privacy legislation, for example in the European Union with the GDPR (General Data Protection Regulation).
One of the first actions companies should take is to update Privacy Policies, to specify how we get consent (express or tacit) and proof of consent (and keep clear records of exactly what someone is consenting to).
With POPIA, responsibility does not rest solely on the CIO or CTO. The burden of proof remains on the responsible party and to comply with data privacy legislation, a cross-functional team is needed. From Finance and HR to Marketing, we all need to play our role to become POPIA compliant.
The quickest win from a data compliance point of view is to appoint an Information Officer, which is actually a very senior position that can deal with responsibility and ensure there is a compliance framework, adequate measures and standards exist, that a manual for POPIA is developed and available. This is where Itec comes in to provide the Information Officer with the technology tools they need to roll all of this out.
Ahmore said: “We need to start thinking about how we will approach our customers. If we look at our company strategy, compliance requires us to stand still and re-look who we are, what we are and where we want to go. Why we want to grow in those areas and how we are going to achieve that.”
Daniel Lötter, Itec South Africa’s Head of Bids and Tenders, explained that Itec as a business has evolved. Traditionally Itec was a very successful value-added reseller, but as a Managed Business Services provider we engage your business with the ADIM model – Assess, Design, Implement and Manage. Itec has aligned itself where compliance, governance and the marketplace is taking us. “From a POPIA perspective, when data comes into your network we start accessing, covering, securing and helping you with this entire process – right up until when the data leaves your network, whether its in print or digital format. From a partnership point of view, Prinsol helps us with the authentication of who accesses the data. Itec’s Managed Business Services is not a one-touch engagement, its ongoing with an SLA so we can share the responsibility and accountability with you.