How the New Data Protection Laws Will Keep Your Data Safe

Ross Saunders, Director of Global Technology Services Cura Software Solutions

How safe is your data? South Africa recently experienced the largest data breach in its history, where over 30 million records of personal information – including names, addresses, ID numbers, genders, ethnicities and email addresses of people both living and deceased – were extracted from a company’s database.

This catastrophic breach means that millions of people’s sensitive data is now insecure. But according to Ross Saunders, the Director of Global Technology Services at Cura Software Solutions, the solution is on its way in the form of the General Data Protection Legislation (GDPR) for Europe and the Protection of Personal Information Act (POPIA) for South Africa.

Saunders takes us through these new data protection laws and how these fundamental changes endeavour to keep the personal data of South Africans safe.

How the New Data Protection Laws Will Keep Your Data Safe

The “masterdeeds” data breach of over 30 million people’s personal records has been cited as South Africa’s worst-ever data breach. The sensitive information in question, including names, addresses, ID numbers, genders, ethnicities and email addresses of people both living and deceased, was extracted from one of South Africa’s top real estate companies, Jigsaw Holdings. In light of this catastrophic data leak, what guarantee do you have that your personal information – and that of your clients – is safe?

Ross Saunders, the Director of Global Technology Services at Cura Software Solutions, believes that the data should not have been where it was to begin with, and beyond that, the source website did not have best practices in place to keep any data safe. “Their first mistake was to store an extract of their database on a publicly accessible website. The fact that there were insufficient security measures in place and absolutely no data encryption was a recipe for disaster.”

According to Saunders, the solution is on its way in the form of the General Data Protection Legislation (GDPR) for Europe and the Protection of Personal Information Act (POPIA) for South Africa.

From a South African perspective, POPIA sets the conditions for when it is lawful for someone to process someone else’s personal information. The legislation, centred around integrity and confidentiality, is applied to any natural or juristic person who processes personal information, including large corporates and government.

Similarly, the GDPR is one of the most important changes in data privacy regulation in 20 years and aims to protect all EU citizens from data breaches in an increasingly data-driven world. The GDPR replaces the Data Protection Directive and will be enforced as of 25 May 2018. It could be reasonably expected that the GDPR will become the “gold standard” for data privacy regulation globally.

Data protection laws set principles that controllers must comply with, which include the following:

● Lawfulness, Fairness and Transparency

This means that the processing of information must be lawful and not excessive. Processing should be for a defined purpose, and there should be openness as to any processing activities.

The principles and conditions of the law must be followed. In an essential step towards data transparency and consumer empowerment, the new legislation stipulates that the data subjects may obtain confirmation as to whether or not their personal data is being processed, where and for what purpose.

● Purpose Limitation

The processing of the information must be for a defined purpose and limited from further processing without consent thereafter.

● Data Minimisation

Only necessary data should be kept in order for processing to take place. Organisations should be cognizant of the fact that they should not be keeping excessive data that is unused for their purpose.

● Accuracy

The data itself should be accurate, and should allow for data subject participation in making sure it is up to date.

● Storage Limitation

Once data processing has completed, the data should be removed. It should not be kept for longer than is necessary to perform the data processing activities.

● Integrity and Confidentiality

Data, wherever it may be stored, must be stored responsibly and with the correct safeguards in place to ensure its security. It is the obligation of the organisation to prevent loss, damage or unlawful access to the data via appropriate security measures. This information must be treated as confidential. In the instance of a security breach, both the regulator and the data subject should be notified of such.

Data protection laws also create obligations for controllers, which include:

● Technological and organisational measures that must be implemented to lawfully process data,

● Controlling of processors through contracts,

● Keeping records of processing activities,

● Co-operating with authorities, and Securing personal data.

In conclusion, Saunders says, “Both the GDPR and POPIA are taking extensive measures to protect and empower all citizen’s data privacy and will substantially change the landscape of data breach risks for organisations globally. Along with our other compliance solutions, Cura offers a data privacy solution specifically geared for GDPR and POPIA readiness and Management with the assistance of Michalsons attorneys.”

About Cura:

During his 14 years of experience, Roberts obtained various qualifications equipping him for the niche industry. His most recent academic accomplishments include a PMD in Business Science from GIBS. He specialised in GRC Industry Knowledge, Sales, Operational Management and Business Strategy.

Cura Software is a Gartner recognised, South African company established in 2002 that provides smarter software solutions designed to enable businesses around the world to quickly achieve the bottom line benefits of Governance, Enterprise-Wide Risk Management and Compliance (GRC). The process includes faster implementation, easier configuration and true enterprise architecture. 

This article originally posted on: How the New Data Protection Laws Will Keep Your Data Safe

Share this post

You might also be interested in:

Blog
Why A Risk Based Approach To Compliance Is Important
July 10, 2023
The 2020 global pandemic is recognised as an event that brought about significant mindset shifts…
Blog
How Organizations Can Manage AI Risks With Guidelines From The EU’s AI Act
July 6, 2023
The EU’s AI Act outlines a new legal framework that aims to significantly bolster regulations…
Blog
A Beginners Guide To Aligning ESG With Your GRC Strategy
June 30, 2023
ESG (environmental, social, and governance) criteria are part of a company’s operational requirements to attract…
Article
Cura Client Lucara Botswana Wins Prestigious GRC Award
June 8, 2023
CURA client Lucara Botswana, a diamond mining company and a subsidiary of Lucara Diamond, has…
Blog
The Beginning Of An Era For Multi-Stakeholder Capitalism, Driving Radical Climate Action
May 6, 2023
We are moving into the era of multi-stakeholder capitalism, shifting corporate leadership away from a…
Article
Don’t Succumb to Organisational Silos – Increase the Visibility of Risks Across Your Entire Organisation With CURA
April 26, 2023
CURA is a global governance, risk, and compliance (GRC) software provider that helps you better…
Article
Fact vs.Fake: Managing The Risk of Misinformation
February 16, 2023
Misinformation and disinformation are significant risks for South African organisations, and can have a direct…
Article
Future-Focused Governance Trends Businesses Need To Know About
November 29, 2022
CURA Software has published a report which focuses on future-focused governance trends that businesses and…
Blog
Resilience By Design
October 19, 2022
Earlier this month, Hurricane Ian lay waste in Florida. But two communities remarkably withstood the…
Blog
What Long-Covid Means For Businesses
October 3, 2022
Organizations worldwide were negatively impacted by COVID-19, but at the same time, have also had…
Scroll to Top