BUSINESS AND IT RISK ADVISORY SERVICES POWERED BY THE ADVANTAGE OF PRESCIENCE
Ironvault focuses on understanding the patterns and underlying mechanisms of governance, risk and compliance management. We are situated in South Africa, where we are proud to have created an advanced, creative, collaborative and open-minded network for business risk, information risk research and hands-on services, operating globally.
To drive the new era of consulting in the fourth industrial revolution, offering the most advanced business and information governance, risk and compliance services by using the power of technology and people to manage data more visually, easily, quickly and securely.
To shield integrity and information in business and on the internet
POPIA AND GDPR COMPLIANCE ROLL-OUT - Fast & Easy
GET COMPLIMENTARY PRIVACY COMPLIANCE SOFTWARE - To get you started
Compliance services to avoid enforcement penalties & automate consumer privacy requests
* No credit card required & migrate anytime
On 1 July 2020, South Africa’s Protection of Personal Information Act (POPIA) finally came into force, coming hot on the heels of other new privacy regulations, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Most sections of the act are now officially law. But compliance isn’t mandatory until the remaining part of the legislation, which grants enforcement powers to South Africa’s new regulatory authority, the Information Regulator, comes into effect on 1 July 2021. This means that, if your organization is subject to the POPIA, you only have a few months to comply.
POPIA only applies to companies based in South Africa or those that process personal data within South African borders. So, to check whether you need to comply, you’ll need to find out exactly where you’re processing personal data. This should include the whereabouts of not only your on-premises data centers but also your cloud-based deployments. Your cloud infrastructure will likely be the deciding factor, as both AWS and Microsoft Azure now have cloud regions in South Africa. So your company could well be using them in a bid to bring your data closer to African customers.
POPIA VS GDPR
Despite its slightly earlier origin, the POPIA is still very similar to the GDPR, sharing much the same guiding principles, including accountability, transparency, security, data minimization, purpose limitation and the rights of data subjects. In terms of how it defines personal data, the POPIA is more extensive than the GDPR, as it covers not only the information you collect about individuals but also about companies and other types of organization. This is a significant departure from other data privacy laws. So it’s not yet clear how exactly it’ll work in practice. However, as your first step to compliance, you should reflect the new legal requirements in your contracts with partners, suppliers and vendors.
As with the GDPR, the POPIA classifies a separate subcategory of personal data, known as special personal information, which is more sensitive and therefore subject to stricter requirements. This mainly relates to an individual’s:
• religious or philosophical beliefs
• race or ethnic origin
• trade union membership
• political persuasion
• sex life or sexual orientation
• physical, physiological or behavioral characteristics (biometric data)
In addition, the POPIA applies to the personal data of any individual—regardless of their nationality. So while the GDPR is only designed to protect EU citizens, the POPIA protects anyone whose personal data is processed within South African territory or by a South African undertaking.
SKILL UP YOUR CYBER SECURITY TEAM WITH OUR CYBER MANAGEMENT ALLIANCE NCSC-CERTIFIED INCIDENT PLANNING & RESPONSE TRAINING
A comprehensive course enabling individuals to prepare a well-defined and managed approach to deal with a data breach or a cyber-attack.
TEST YOUR CYBER SECURITY TEAM'S DEFENSE STRATEGY WITH OUR CYBER CRISIS TABLETOP EXERCISE
A unique blend of verbal and visual simulation along with interactive discussions on an agreed cyber-attack scenario relevant to an organisation.