Compliance & Legalities around business Data Protection in South Africa

Protecting data correctly and effectively is a paramount business continuity imperative. Not only do organizations with ineffective data protection strategies face the immediate costs and productivity interruption of data loss, they leave themselves vulnerable to data theft, unauthorised access to confidential files and are liable for legal penalties and criminal consequences due to failed corporate governance compliance.

Responsibility for protection of data cannot be left as IT’s problem- stewardship and buy-in is required at an executive level to avoid negligence, prevent reputational damage and to implement a solution that addresses areas of vulnerability.

The reality of data mismanagement is increasingly consequential. Failure to address your organization’s risks with urgency only increases exposure and the probability of suffering financial and legal penalties.

Often however, Acts and Reports are long-winded, making them difficult to digest and complicated to drill down to tangible and actionable items. However, without securing your data and ensuring that your data protection covers all the bases- the personal and organizational consequences can be detrimental.

We’ve broken down the main Acts and Reports pertaining to data protection in enterprise environments and placed them in the table above as an easy reference, there are certain guidelines & requirements that all companies must follow:

Data Protection Legal Negligence & Compliance

1.The King III Report states that:

The Board is responsible for risk management (including data risks) and that it is necessary for them to demonstrate that they pro-actively manage these risks as a part of their duty of care

At a minimum, the Board should disclose that there is a documented and tested process in place that will allow the company to continue its critical business processes in the event of a disaster. We do not have a process in place.

It is the executives’ responsibility to take effective data management and protect the company’s data, as the board is liable for negligence in this regard.

Download our White Paper: IT Manager’s Role in Risk and Compliance

Consequences to non-compliance include:

□ Severe reputational damage
□ Legal disputes
□ Financial penalties
□ The appearance of ineffective internal management

2.The Electronic Communications and Transactions Act 25 of 2002 provides:

• Legal recognition to electronic documents and recognises that electronic documents and signatures can serve as the electronic functional equivalent of their paper based counterparts.

Chapter 8, Section 86

“A person who intentionally accesses or intercepts any data without authority or permission to do so is guilty of an offence. This offence is punishable by a fine or imprisonment for up to twelve months.”

“A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective is guilty of an offence and punishable with up to twelve months imprisonment.”

3.Public Finance Management Act (PFMA) – Chapter 5, Section 38 of the PFMA states:

“The accounting officer for a department….. (a)must ensure that that department…..has and maintains— (i) effective, efficient and transparent systems of financial and risk management and internal control.”

“An accounting officer is guilty of an offence and liable on conviction to a fine, or to imprisonment for a period not exceeding five years… if that accounting officer……wilfully or in a grossly negligent way fails to comply with a provision of section 38.

4.Protection of Personal Information Bill (PPI) – Section 3.7 of the PPI states:

According to the bill, organisations must secure personal information in their possession or under their control by taking appropriate and reasonable technical and organisational measures to prevent loss, damage and unauthorised destruction of personal information, as well as unlawful access or processing of such information.

Corporate Governance Compliance Checklist

If you can tick any of these checklist items, you are probably in breach of data protection laws and requirements.

Ineffective data protection is unacceptable in business. In order to address your risks and prevent legal and financial consequences, you need to ensure that you employ a data protection solution that offers you peace of mind data security, prevents any unauthorised access to data and provides a built from the ground up solution to enterprise data protection.

With Cibecs Business Data Protection, Compliance is Simplified.       

Cibecs is a built from the ground up enterprise data protection solution focused on providing tangible solutions to business data challenges. With Cibecs, Corporate Governance Compliance and Data Protection Law Compliance, is simple.

• Centrally managed, automated endpoint data backup
• Cibecs is a certified cryptography provider – no unauthorised access to confidential files
• Comprehensive reporting provides easy monitoring of your Data Protection Rating
• Fast & secure data recovery
• Ability to track data changes
• All business data is protected as defined in your backup policy – and is completely secure

Download our 30 Day Free Trial

Requirements in order to ensure effective data protection & compliance:

Further selected resources on Corporate Governance Compliance through effective business data protection.

Corporate Governance Compliance & Business Data Protection