Protect Your SME From PoPI

Every SME should be concerned about the Protection of Personal Information (PoPI) Act and the impact it has on the bottom line.

All businesses store and process personal information at some point, be it that of employees or customers. PoPI is all about effectively governing the usage and storage of that data.

Most businesses and their people today require the ability to access that data online whilst working remotely. This creates a huge risk of non-compliance and exploitation.

The reality is that PoPI impacts all businesses that have control over, or process, any kind of personal information. According to Botha, Eloff, Swart (2015), “Personal information is defined by PoPI as any information relating to an identifiable, living, natural or juristic person”.


Why is PoPI Important to SMEs?

The answer is simple: Brand reputation, business impact, financial and legal consequences.

According to thought leader, Monisha Prem, “It is in your business’ best interest to comply with PoPI as the consequences of non-compliance are severe”. Monisha reports on some startling financial and criminal penalties:

  1. Civil action for damages
  2. Fines of up to R10 million
  3. 12 months to 10 years imprisonment.

This begs the question: What can an SME owner do to avoid this risk and better secure the information that resides on the business's network?

Below is some advice on how you can secure this information and your network by implementing some basic network security elements.


Step 1: Ask & Answer

If PoPI is all about the protection of personal information, then answer some questions about that data:

  1. Where is the data stored?
  2. Who has access to the data and is access effectively governed?
  3. What is the data used for?
  4. Is the usage or processing of the data tracked and controlled?

Once you understand how and when all this data is being used and stored, you can take the first step in safeguarding your business against the repercussions of non-compliance or a security breach.


Step 2: Start at the beginning, it's always a good place to start

You need to secure and govern access to all your data. If you have a website, a CRM server, or are keeping any records accessible via the internet, your data integrity and your SME are at risk.

By implementing proper data security and access control, you can protect your accountability as a business, and more effectively govern the use of that data.

By showcasing your willingness to comply, you can also increase trust between your business and your customers.

Think about it: I would rather share more information with a company that I can trust to take the proper precautions with my personal data. I would be more inclined to shop online through their e-commerce store, or place my electronic signature on an order or contract.

Some things to consider about first-line protection are:

  1. Draft a data security policy that governs storage, processing, and security of personal data. Ensure that the actions mentioned in the policy are measurable.
  2. Store the data on secured servers behind some form of firewall.
  3. Implement stricter access control mechanisms for your network

Step 3: Tighten-up your access points

By controlling access to the data, you decrease the risk of exploitation. The best and most effective ways to do that are:

  1. Train your staff on proper information management. Most security breaches happen due to human vulnerabilities or ignorance.
  2. Implement secure access control mechanisms such as logins, passwords, etc.
  3. Secure your network – Control access to your network and data by using a firewall.


Step 4: Invest in Tech. Educate your Assets

Use firewalls to secure your networks good and proper. Train up your staff on information security and data management practice, and lock down your network – one-time-shoe-shine.

Jared van Ast
Jared van Ast is the founder & MD of 10dot Cloud Security. Frustrated with diluted value propositions. Loves to do things properly. Suspicious by nature and habitually pragmatic. Focused on network security, 10dot works to lock up SME networks & help them grow. With over 15 years' experience in the IT & ISP sectors, Jared is hell-bent on enabling SMEs to focus on core business. 10dot Cloud Security – The Network Security Specialists.