RSAWEB is helping South African Businesses to get POPIA ready
POPIA stands for the Protection of Personal Information Act 4 of 2013, and responsible parties have until the 1st of July 2021 to become POPIA compliant. The Act aims to give effect to the constitutional right to privacy, whilst balancing this against competing rights and interests, particularly the right of access to information.
The Difference Between POPIA & GDPR
POPIA and the General Data Protection Regulation (GDPR), which is the EU legislation in effect, are similar but not identical. GDPR includes certain key protections not included in POPIA and covers areas concerning consent, right of access by data subjects, right to erasure, data portability and privacy by design. You can read more here: https://www.gov.za/documents/protection-personal-information-act and https://gdpr.eu/
We partner with global technology leaders and combine their cumulative industry credentials to ensure our service and solution delivery is transformative, compliance enabling and security focused.
RSAWEB helps clients simplify their POPIA Compliance in 3 ways:
1) Local, in-country cloud hosting and storage for business systems, personal information and client data to reduce the risk of trans-border information flow.
2) Secure your critical data and your customer’s information by utilising industry-leading firewall technology, Microsoft 365 business applications with Mimecast security and archiving, and secure cloud environments, and by having access to RSAWEB's highly qualified network and cloud teams for professional services.
RSAWEB are professionals and assist in implementing and managing:
- Firewalls
- Anti-Virus and Endpoint security
- Microsoft 365 business applications
- Mimecast for email archiving, continuity and security
- Logical and physical access control
- Secure deployment of hardware and software, ensuring the overall architecture of your IT infrastructure is secure and POPIA compliant
3) Manage your data backup and archiving: Backing up, storing and deleting company and client data in a secure, local environment is critical for your company’s POPI compliance purposes.
Staying Compliant in The Modern Era
In current times, where the way we all do business has become more remote and virtual, it becomes increasingly important to focus on three key areas within your business: user access and control; data sovereignty and management; and systems security.
Many organisations are accelerating their migrations to cloud hosting providers and implementing solutions which enable their end-users to access business applications and data.
Easy Compliance with RSAWEB’s Cloud Solutions
RSAWEB provides various cloud computing solutions to the South African market. Our multiple availability zones are hosted within data centre facilities offering ISO 9001, ISO 27001 and PCI compliance capabilities. Our virtualisation software partner, VMware, provides a comprehensive scorecard of industry compliance and security certifications, as do our aligned software and Software as a Service (SaaS) partners: Veeam (for Backup and Replication), Microsoft, Fortinet and Cloudflare.
We regularly engage our Cloud Services customers to review their architecture, security and data management scenarios. Typically, we recommend and assist with the implementation of systems architecture that provides control of user access to their production environments: the security and control begin with either Cloudflare Web Application Firewalling (WAF services) and/or an RSAWEB managed FortiGate Firewall by Fortinet. This approach covers large portions of two of the key areas of focus in terms of POPI.
Data sovereignty and management is the third key area of focus and covers a number of critical factors: data management (the management of data in motion and data at rest) and, pursuant to this, data sovereignty (the express knowledge of where the data is physically stored).
In terms of the POPI Act, the general rule of thumb would be to store all user and customer data (governed under the Act) in South Africa. RSAWEB, using Veeam software, provides our customers with Enterprise Grade data backup, replication and disaster recovery scenarios for both on-premises (physical or virtual infrastructure) and cloud environments (incorporating a multi-cloud strategy enabling data portability, mobility and end-to-end management capabilities).
Lastly, our ‘Shared Responsibility Model’ is used constructively to show key lines of responsibility between RSAWEB and our customers in terms of the requirements of POPIA, thus providing an opportunity to identify areas within your business systems that require additional security, or even re-design.
Let RSAWEB help get your business POPIA ready. Call us on 087 470 0000 and one of our in-house experts will demonstrate how we can help you achieve complete compliance deference.