We know there’s a lot going on, so we thought we’d remind you about a crucial deadline: By 1 June 2021, you need to be fully compliant with the Protection of Personal Information Act (POPIA).
That’s less than a year away – and it can take 10 to 12 months to get your systems and processes in order. How long compliance takes depends on the current state of your business continuity plan, which COVID-19 has undoubtedly put to the test.
With a remote workforce using unsecured networks and their own devices to access company information, the attack surface is significantly larger than it was just a few months ago.
And with this larger attack surface comes weaker data confidentiality – especially if someone loses their personal device, or tosses the annual financial report into the recycling instead of shredding it.
Bottom line? There’s never been a better time to create or update your business continuity plan. And there’s never been a stronger motivation than the looming POPIA deadline.
Kickstart your compliance with these steps:
The lockdown has likely exposed weaknesses in your continuity plan, like a VPN that can’t handle a remote workforce or untracked assets that employees have taken home. This hurts your team’s productivity – and puts you at risk of breaching POPIA.
A maturity assessment will quickly identify known and unknown weak spots in your policies and procedures and how to fix them. It can also highlight effective areas and how to strengthen them.
The insights uncovered in the maturity assessment will guide you to successful POPIA compliance and give you control over all your information privacy requirements.
This is the point where centralised GRC platforms shine. With all risk information in one place, you’ll know exactly where your assets are, who is accessing – or trying to access – your data, and what your compliance status is – on demand and in real time.
Not sure which insight to act on first? Our subject matter experts can advise on the best steps to take to close the gaps. We’ll help you to prioritise the most critical controls for your unique situation and help you to execute them effectively.
Once your environment is relatively stable, it’s crucial that you’re alerted to changes as they happen. This includes changes in legislation, user behaviour, spikes and dips in data volumes, or unusual access requests.
Once flagged by your GRC management platform, your compliance partner can advise on action to address the risk and how to avoid it in future.
Through regular maturity assessments and gap analyses, you’ll know exactly what governance structures, processes, and policies you need to enforce compliance – for now, for POPIA, and for a post-pandemic future, whenever that might be.
It will be a whole new business environment that will need a whole new approach. But the fundamentals will never change:
And down the line?
You’ll have an enhanced ability to know what you don’t know. You’ll be able to dismantle the internal fiefdoms that create more risk than they manage. And you’ll create a risk-aware, risk-informed workforce.
For more information, contact MWare.
by Mich Martins, CEO: MWare & Nicky Downing, CEO: Guideline Biztech