MICROSOFT 365 The POPI Act, GDPR & Compliance. Brought to you by First Technology, in strong partnership with Microsoft. THE KEY PURPOSES WHAT IS THE POPI OF THE POPI ACT ACT? (AS DECREED) ARE: The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for 01 responsible parties (called controllers in other jurisdictions) to lawfully process the personal To give effect to the constitutional right to privacy, by information of data subjects (both natural and safeguarding personal information when processed by a juristic persons). responsible party. The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their 02 personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. To regulate the manner in which personal information There are eight general conditions and three may be processed, by establishing conditions, in extra conditions. The responsible party is also harmony with international standards, that prescribe responsible for a failure by their operators the minimum threshold requirements for the lawful (those who process for them) to meet the processing of personal information. conditions. The POPI Act is important because it protects data subjects from harm, like theft and 03 discrimination. The risks of non-compliance include reputational damage, fines and To provide persons with rights and remedies to protect imprisonment, and paying out damages their personal information from processing that is not in claims to data subjects. The biggest risk, after accordance with this Act. reputational damage, is a fine for failing to protect account numbers. The biggest impact is on organizations 04 that process lots of personal information, especially special personal information, To establish voluntary and compulsory measures, children’s information, and account numbers. including the establishment of an Information Regulator, The most affected industries are financial to ensure respect for and to promote, enforce and fulfill services, healthcare, and marketing. the rights protected by this Act. First Technology Microsoft 365: The POPI Act, GDPR & Compliance WHICH COUNTRIES ARE AFFECTED BY THE GDPR? WHAT IS GDPR? Although it was implemented by the EU, and is primarily concerned with data regulation in European countries, the The GDPR is a data privacy and protection GDPR has global implications. framework aimed at improving Europe’s data privacy laws, and which could be described Because the internet has revolutionised the way the world as a first cousin (replacing the EU’s Data does business, it’s possible for a South African company Protection Directive) to South Africa’s POPIA, to have customers living in France or Italy. It’s also possible for a South African company to have European the Protection of Personal Information Act 4 customers residing within SA’s borders. In both cases, of 2013. the GDPR applies, because EU citizens are involved. If you provide products or services to EU citizens, and process POPIA, while currently only partially their data in order to do so, then you need to adhere to implemented, will apply to all businesses the GDPR – no matter where you are based. and organisations in South Africa, which by virtue of their interactions with South African consumers, collect and process their personal WHAT HAPPENS IF BUSINESSES information. DON’T COMPLY WITH THE GDPR? The General Data Protection Regulation From official reprimands to financial penalties, the (GDPR) introduces new rules for organizations consequences of non-compliance are severe. Potential that offer goods and services to people in administrative fines can reach 20 million euros. The the European Union (EU), or that collect and effects of the European Union’s General Data Protection analyze data for EU residents no matter where Regulation are already being felt. The full impact of South you or your enterprise are located. Africa’s Protection of Personal Information Act has yet to be seen. Preparation is your best course of action. First Technology Microsoft 365: The POPI Act, GDPR & Compliance MICROSOFT AND THE SAFEGUARD POPI ACT COMPLIANCE INDIVIDUAL South Africa is one of the latest countries to implement PRIVACY RIGHTS strict legislation around data privacy in the form of the UNDER GDPR WITH Protection of Personal Information Act (POPI Act). THE MICROSOFT The POPI Act sets the new benchmark for the processing of South African’s personal data by both public and INTELLIGENT CLOUD private bodies within and beyond the country’s borders. Any and all organizations conducting business on South We live in a time where digital technology African soil must ensure that their information security is profoundly impacting our lives, from the practices are compliant with the rules and regulations way we connect with each other to how we seen in the POPI Act. interpret our world. Central to this digital transformation is the ability to store and analyze massive amounts DEFEND AND PROTECT PERSONAL of data to generate deeper insights and more DATA IN YOUR CARE personal customer experiences. This helps Across the globe and South Africa, violations in data all of us achieve more than ever before, but it privacy are coming with increasingly stricter penalties, also leaves an extensive trail of data, including making it crucial for organizations to implement robust personal information and sensitive business compliance solutions. records that need to be protected. Although this may seem like an intimidating process, At Microsoft, our mission is to empower Microsoft’s compliance solutions will ensure POPI every person and every organization on the compliance and mitigate risk. It is crucial to balance planet to achieve more. Trust is at the core the pervasive nature of collaboration tools with the of everything we do because we have long compliance of POPIA, GDPR and other data privacy appreciated that people won’t use technology regulations. they don’t trust. We also believe that privacy is a fundamental human right that needs Collaboration applications can simplify the process to be protected. Microsoft believes GDPR of staff members to unknowingly share protected establishes important principles that are information with unauthorized parties, or even knowingly relevant globally. with hostile intentions. Whether it’s the one or the other, your company is the one that’s going to be held In addition to our ongoing commitment to accountable privacy, we made a number of investments over the last few years to support GDPR and Fortunately, Microsoft provides multiple security and the privacy rights of individuals. Here is a compliance solutions that will ensure your organization recap of how you can use these capabilities never lands in hot water. to help your organization on the path to GDPR compliance. First Technology Microsoft 365: The POPI Act, GDPR & Compliance MICROSOFT COMPLIANCE MANAGER: ASSESS AND MANAGE COMPLIANCE MICROSOFT’S ROBUST RISK COMPLIANCE SOLUTION WILL HELP YOU: Because achieving organizational compliance can be very challenging, understanding your compliance risk should be your first priority. Customers have told us about • Locate all personal data within your their challenges with the lack of in-house capabilities to collaborative networks and digital storage define and implement controls and inefficiencies in audit units, including on-premises shared files preparation activities. and cloud sharing applications such as Microsoft 365. The Compliance Manager and Compliance Score helps you continuously monitor your compliance status. Compliance • Automatically classify documents based Manager captures and provides details for each Microsoft on the presence of personal or other control, which has been implemented to meet specific sensitive data governed by POPI and requirements, including implementation and test plan other regulatory guidelines. details, and management responses if necessary. It also provides recommended actions your organization can take • Put in place business rules with to enhance data protection capabilities and help you meet relevant restrictions regarding classified your compliance obligations. documents in any from - printed documents, emails - to prevent data bleeding. PERSONAL DATA PROTECTION • Implement strict yet streamlined At its core, GDPR is all about protecting the personal solutions that will protect data and data of individuals—making sure there is proper security, documents accessed and shared on governance, and management of such data to help collaborative platforms such as Microsoft prevent it from being misused or getting into the wrong Teams. hands. To help ensure that your organization is effectively protecting personal data as well as sensitive content • Restrict collaboration between users relevant to organizational compliance needs, you need in different geographical locations or to implement solutions and processes that enable your subsidiaries to meet regulatory guidelines organization to discover, classify, protect, and monitor (information barriers). data that is most important. • Automatically regulate and modify The information protection capabilities within security controls to transforming risk Microsoft 365, such as Office 365 Data Governance profiles of data as users and third parties and Azure Information Protection, provide an integrated access and collaborate across multiple classification,
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages11 Page
-
File Size-