The Protection of Personal Information Act, South Africa’s data privacy law, was drafted in 2003, approved in 2013 and came into effect in 2020 with a grace period of 12 months. When compliance becomes mandatory on June 30, 2021, technical and organisational measures must have been implemented to keep personal information secure against the risk of loss, damage, unauthorised access, interference, modification, destruction, and disclosure. As well as putting new obligations on organisations collecting data, the POPIA outlines accountability for breaches and gives individuals and companies a lot more power to access information held on them. Individuals have the right to ask for a copy of their personal data and can insist on correction and erasure. Complying with a Data Subject Access Request puts considerable strain on already stretched IT resources.
The RedApp provides a single place to view all your data on any device.
- Easily evidence compliance – including the requirement to securely erase files from within backup AND archive environments
- Restrict permissions, track search sessions and monitor all data deletions
- Expose anomalies where crucial data might not have been selected for protection
. . . and in the event of any issue, Redstor’s InstantData™ will live stream the data you need on demand
Security and compliance
Redstor has the capability to store data in a customer’s country of choice. With primary and secondary data centres in Johannesburg, Redstor also ensures the storage of information on SA citizens and businesses complies with the POPIA.
Secure copies of backup data are mirrored between data centres to ensure redundancy against downtime. As the owner and developer of the software, Redstor implements appropriate measures to ensure privacy and protection by design to meet the requirements of data protection law and to protect the rights of data subjects. The software and platforms are also regularly audited and tested for security.
POPIA breaches can mean fines of up to R10 million and up to 10 years in jail as well as payment of damages to those affected. To mitigate the risk of unauthorised access, Redstor encrypts all data before it leaves its primary location. Data is encrypted at source using 256-bit AES (GCM) encryption and further protected using TLS ciphers during cloud and offsite backup communication. Encryption keys are unique to every backup client and are chosen by the customer. Data cannot be read without the encryption key and at no point are these encryption keys visible to anyone at Redstor.
Redstor holds certifications in ISO 9001 for quality management, in ISO 27001 for information security management systems and in ISO 22301 for business continuity. Internal processes maintain the highest levels of service while annual audits ensure compliance with the latest standards.
Redstor enables organisations to set their own retention policies with the capability to retain separate data sets for different periods of time.
What Redstor does to comply
Redstor has taken measures to ensure that all business processes are in line with the POPIA. A Redstor Data Protection Officer advises associated suppliers and service providers on how best to comply with the regulation, while Redstor staff receive extensive training to ensure they retain an understanding of how the POPIA impacts on the provision of services to customers.
If you have any further questions around Redstor’s compliance with the POPIA or the software, contact us today.