With the General Data Protection Regulation (GDPR) coming into effect this month (May 2018), South African businesses will also need to evaluate whether they fall into the wide territorial reach of the GDPR. As cyberattacks escalate in volume and sophistication, data protection is more vital than ever.
Enterprises around the globe need to focus on one of their most essential and mission-critical applications, namely email, to ensure they meet a key principle of the legislation: accountability. The potential for compliance violations are substantial, due to the sheer number of emails, as are the potential economic penalties for non-compliance.
Personal data includes names, telephone numbers and location information that can identify an individual. The GDPR emphasises the principle of accountability and the need for organisations to demonstrate they have taken reasonable measures to protect personal data.
In the digital age, where reputations can live or die on social media and a competitor is only one click away, organisations cannot afford to risk the long-term fallout of lost business because customers are concerned that adequate procedures are not being followed to secure their personal data.
The GDPR allows for legal action from customers. People must be informed if their data is stolen in a cyberattack, and they can sue. Awareness of these rights is growing, and such action is inevitable if customers believe their data has been mishandled or compromised by an organisation.