How POPI Affects Your Organisation

Protect Confidential Client Data

The Protection of Personal Information (POPI) Act aims to ensure effective management of personal data, which means we are undergoing fundamental changes to the ways in which we process information. Data controllers are traditionally focused on malicious threats, like ransomware or brute force attacks. However, the most common data breaches are often the ones we least anticipate:

  • MISDIRECTED EMAILS: Misaddressed emails were the #1 cause of digital data security breaches reported to the Information Commissioner's Office (ICO) for the last four quarters.
  • COMPANY LEAVERS: Almost 60% of employees steal company information when they leave or are asked to leave; 67% of [those stealing information/employees] take sensitive data to a new job, according to the Ponemon Institute.
  • HUMAN ERROR: Alongside misaddressed emails, incorrect attachments, loss or theft of paperwork, and failure to use bcc when sending email are among the highest reported incidents; more data breaches are caused by human error than by malicious attacks.

Tessian protects the Legal Sector, Financial Services, and FTSE 100 companies across the spectrum.

Legal, Financial, and Professional Services firms are choosing Tessian to ensure POPI Compliance

Not only does POPI give the Information Regulator teeth, making it imperative for businesses to be compliant, but the EU’s General Data Protection Regulation (GDPR) also has ramifications for organizations around the world. Businesses in South Africa (SA) that process customer data from the European Union must also ensure they are fully compliant with GDPR. A key difference to note is that with POPI, SA firms only have to be compliant with the industry standard; however, adequacy assessments as a result of GDPR mean South African companies that do business with EU Member States will be held to a stricter standard. As a result, SA businesses doing business in Europe will have to ensure they are compliant with regulations in GDPR that may not be included in their compliance with POPI.