Preparing your data for PoPI

1 October 2019 Infrastructure, Security Services & Risk Management

Now is the time for companies to ensure their data is compliant with the Protection of Personal Information (PoPI) Act. Although, South African businesses have been slow on the uptake when preparing for PoPI, intelligent data management can greatly simplify this mammoth task. Wavering is no longer an option and despite the lengthy process to publish the final regulations, the next step is to establish a deadline. Thereafter, organisations will have a grace period of only one year to comply and avoid heavy fines of up to 10 million rand and other dire consequences such as imprisonment (https://www.popiact-compliance.co.za/popia-information/16-offences-penalties-and-administrative-fines).

The first step - data encryption

When it comes to protecting any information, the way data is secured across the value chain needs to be addressed first and foremost. Encryption is the gold standard for ensuring adequate protection, and while many businesses currently encrypt their data at the storage layer, this is simply no longer enough. A data breach may occur at any point, including internally and while data is in transit. Organisations will be in breach of PoPI if they cannot prove this data is protected.

The General Data Protection Regulation (GDPR) is the European equivalent of PoPI and must be adhered to by all South African companies who do business with companies based in the European Union (EU). However, GDPR enforces similar, if not stricter standards to PoPI. For example, GDPR states that if data is encrypted, in the event of a breach and data theft, compliance is still maintained, and this is not necessarily mentioned in the PoPI Act. Moreover, data must also be encrypted at rest and in transit. As a result, data needs to be encrypted end-to-end, from the storage layer right through the database to the application layer, to ensure GDPR compliance and this will in turn, guarantee PoPI compliance.

The implications of encryption on storage costs

The challenge of end-to-end encryption with data residing on certain storage media is that it can result in storage costs spiralling out of control. This is due to the fact that many of these solutions rely on data reduction such as deduplication and compression to keep storage costs down. However, these techniques cannot be used on encrypted data.

Encrypted data can result in data storage becoming between three and five times more expensive, which can have a significant impact on any businesses total cost of ownership (TCO). In addition, it can negatively affect storage performance, with a knock-on effect to the performance of the business as a whole. It is essential to implement an intelligent storage solution that will prevent this increase in cost and decrease in performance as the amount of encrypted data grows.

An intelligent solution, an intelligent choice

Storage must address three key areas, namely capacity, cost and performance. The typical way of addressing performance challenges is to utilise all-flash arrays (AFAs). However, this is very expensive and therefore achieving high capacity is costly, especially when end-to-end encryption is required since data reduction does not work with here.

Conversely, intelligent software-based solutions can address all three of these areas, using commodity hardware to control cost and increase capacity while delivering high performance. This enables end-to-end encryption to be cost effectively implemented for optimum data protection and compliance. So, is an intelligent software storage solution the answer to PoPI compliance?


Hayden Sadler

The long and short of it

If data is encrypted end-to-end, PoPI (and the GDPR) compliance is maintained, even in the event of a data breach. This means you will not be fined, your reputation will remain intact, and any negative impact resulting from a breach can be mitigated and contained. A proper encryption strategy and intelligent software-based solution eliminates the risk of sensitive data being compromised as well as the risk of a PoPI-related penalty. If you are not prepared for PoPI, the time to start is now, or face the repercussions of non-compliance that could cripple your business.

For more information, contact INFINIDAT, Sapna Capoor, [email protected]




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

The hidden cost of cheap networking gear
Duxbury Networking Infrastructure
When it comes to building a network, price is always a consideration, especially in the current economic climate, but there is a difference between smart spending and short-term savings with long-term losses.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.