POPI Compliance and IT Security for Your SME

March 1st, 2021

The 30th June 2021 deadline for ensuring your business is compliant with the Protection of Personal Information Act (POPI) is fast approaching. Is your business ready? And, importantly, are you protected against the cybersecurity and data risks associated with running a business in 2021?

The reasons behind POPI

The POPI Act was drafted and ratified by Parliament in response to perceived global cybersecurity threats and South Africa’s previously inadequate cybercrime laws and regulations. Parliament assented to the POPI Act in November 2013, with final sections of the Act coming into effect on 1 July 2020, allowing businesses up to a year to become compliant.

Following the example of the European Union’s General Data Protection Regulation (GDPR), the goal of the POPI Act is to prevent data security breaches within South African organisations and to protect consumers against data theft. This places the onus on businesses to ensure they process and store customer data securely, in accordance with the conditions and regulations for doing so as set out by the Act. Non-compliance carries severe fines and, potentially, even jail time for business owners and directors.

The problem is that many businesses have been operating with inadequate cybersecurity for years, with a 2019 survey showing that only 34% of businesses were prepared to meet the POPI requirements.

Ensuring compliance and improving your IT security, all at once

Many business owners and directors envision cybersecurity threats as an army of hackers marching on their firewall, attempting to access their business’ IT system and data by force. The reality is, however, that most data security breaches occur by stealth, with a business’ biggest IT security risk unfortunately coming from within: its employees. A whopping 92% of data breaches occur due to human error, and 66% of cybercriminals rank e-mail phishing as their attack method of choice, with unsuspecting employees unwittingly lowering the drawbridge for attackers.

Cybersecurity training and monitoring services, such as the comprehensive range of services offered by Numata, will ensure your business is not only POPI compliant but protected in general.

The primary goal for cybersecurity awareness in 2021 is to ensure that employees are up to date on cybersecurity risks and on the vulnerable areas that are continuously being identified, which helps to eliminate cyber-attacks. Through a service offering that includes cybersecurity awareness training, phishing tests, user behaviour tracking, and compiling employee risk scores, Numata can help your business to identify specific risks and knowledge gaps on a ‘per employee’ basis. Employees can then be corrected and trained on cybersecurity protocols accordingly. We can also assist with improving your IT security in general by offering security risk assessments, security policy development, internal and external vulnerability testing, web vulnerability testing, dark web monitoring, and Microsoft security monitoring.

Contact us for more about cybersecurity and to ensure your business is POPI compliant.