Yesterday you likely spent a lot of time going through your inbox checking out POPIA mails from services and solutions you are signed up to. That won’t change in the coming weeks as businesses continue to wrap their heads around the ins and outs of POPIA, data privacy and protection, as well as where their responsibilities begin and end. One company that has had to ensure its compliance was sorted well before the 30th June 2021 deadline is SEACOM.
As the company explains, it is a journey that it has been on for the past few years.
“Now fully POPIA compliant, pan-African ICT service provider SEACOM first started its privacy law compliance journey in 2018, when the European Union’s General Data Protection Regulation (GDPR) came into effect,” a press release from the company notes.
“SEACOM needed to comply with GDPR, a stringent piece of EU legislation dealing with data protection and privacy, and started taking the necessary steps to protect the personal data of its customers, suppliers, and employees three years ago. With the 12-month grace period for local businesses to comply with POPIA coming to an end, SEACOM worked quickly to ensure its compliance for a second time,” it added.
To offer customers, both current and potential, peace of mind regarding its POPIA compliance, SEACOM has outlined some of the crucial elements it has taken care of to be ready for today.
- First, it took stock of what data it was collecting, auditing its customer, supplier, and employee agreements, and scaling them down.
- SEACOM then evaluated how it was disposing of documents that were no longer needed.
- The business also planned ahead, putting relevant policies in place for incident reporting and crisis management.
- And finally, SEACOM augmented its information security, focusing on passwords, encryption, access control and a clean desk policy for employees.
“POPIA compliance is complex, but essentially, businesses must ensure that they have explicit consent before they can process or use personal data. Businesses should have a system in place to easily track the storage location of the information, its processes, its access, and its usage,” the ICT service provider highlights.
“As a business in the IT space, we take data security and privacy extremely seriously. Our customers and suppliers can have peace of mind that when they do business with SEACOM, their information is protected. We also provide our employees with regular data protection training to ensure they are aligned to our mission of safeguarding information, and have plans in place to contain and recover from a data breach, should one ever occur,” points out Steve Briggs, chief sales and marketing officer at SEACOM (pictured in header).
While it remains to be seen which big firm will be the first to incur the wrath of the Information Regulator for failing to be POPIA compliant, expect to see more organisations the size and scope of SEACOM unpack the steps it took to become ready.