POPIA is a data privacy law that affects all business websites that collect data. The regulations are there to protect the online privacy of visitors, and they cover how personal data is used and extracted when users visit and interact with a website. All entities must be fully compliant with the provisions of the POPI Act by 1 July 2021.

What is the POPI Act? 

The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).

The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks of non-compliance include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.

Key Purpose of the POPI Act: 

  • To give effect to the constitutional right to privacy.
  • To regulate the manner in which personal information may be processed.
  • To provide persons with rights and remedies to protect their personal information.
  • To establish voluntary and compulsory measures, to promote, enforce and fulfill the rights protected by this Act.

Microsoft and iSSC can support your business compliance efforts

When it comes to compliance, particularly data privacy compliance, Microsoft adopts a shared responsibility approach. The model involves a division of responsibility for meeting regulatory requirements between Microsoft as the service platform provider, and its customers whose data is being processed within these environments.

Not only does Microsoft implement extensive controls that contribute to its customers’ compliance efforts, it has also developed a toolkit of compliance-driven capabilities that support those efforts and make information governance and compliance effective at scale. Furthermore, their ease of use ensures that the organisation’s compliance decisions remain firmly in the hands of the information officer and the compliance team.

Microsoft Compliance Manager

Microsoft Compliance Manager is a workflow-based risk assessment tool in the Microsoft Service Trust Portal.

Compliance professionals are encouraged to manage their POPIA compliance using Microsoft’s Compliance Manager, an online compliance management tool within Compliance Center. Within the tool, Microsoft’s compliance framework has been mapped against several laws, regulations and standards issued around the world, including POPIA. With the tool, customers can gain visibility into those controls Microsoft has implemented to protect its customers’ data, some of which have been outlined above. Organisations can also use the tool to record implementation of their own controls as required by POPIA and other laws.

As a compliance management tool, Compliance Manager allows users to assign responsibility for control implementation to other users within their organisation and sends a notification to those users that the task has been assigned. Where users undergo internal or external audits, audit findings and reports can be recorded and uploaded into the tool where they are kept securely should they be required by customers or regulators. Compliance Manager also provides invaluable guidance to customers on how to leverage Microsoft’s technical capabilities to meet their POPIA requirements.

Why choose iSSC? iSSC has been at the forefront of cloud adoption and deployments, and we have an amazing track record with these solutions. With a proven track record, you are in safe hands. To learn more about Microsoft’s robust compliance solutions, contact iSSC today.