Search
Close this search box.

It’s Time To Gear Up For Microsoft’s SA Data Centres

Cape Town – Microsoft Azure, Office 365 and Dynamics 365 will soon be delivered from Microsoft data centres on African soil. Have you considered moving to the cloud?

Microsoft is bringing its global cloud infrastructure to Africa, with data centres in Cape Town and Johannesburg to connect you to the world.

On May 18, 2017, the tech titan announced its plan to launch two hyperscale cloud data centres in South Africa’s metropolitan hubs of Cape Town and Johannesburg.

“We’re excited by the growing demand for cloud services in Africa and their ability to be a catalyst for new economic opportunities,” explained Scott Guthrie (Executive Vice President, Cloud and Enterprise, Microsoft) at the time.

Guthrie’s sentiments were echoed at the 2018 Microsoft Tech Summit in Cape Town, where Nuri Cankaya (Senior Sub Product Marketing Manager, Microsoft Azure) and Victoria Grady (General Manager, Microsoft Azure Experience Marketing) highlighted some of the benefits of the Azure environment and urged customers to start preparing for cloud migration.

A first for Africa

Microsoft has 54 Azure regions spanning the globe. The majority of these (42) are already available, while others have been announced, but not yet launched.

The data centres in Cape Town and Johannesburg are Microsoft’s first such facilities in Africa and represent a significant investment by the company, as well as a game-changing development for individuals and organisations concerned about data residency.

At present, customers based in Africa depend on cloud services delivered from data centres outside of the continent. It’s thus possible that data belonging to a business in Pretoria is actually being stored on a remote server in Amsterdam. It’s not an ideal situation, given that data is often subject to the laws of the country in which it resides.

Did you read last week’s blog post about data-privacy legislation? We covered South Africa’s Protection of Personal Information Act and the European Union’s General Data Protection Regulation, as well as the penalties for non-compliance in each case.

Microsoft’s SA-based data centres will provide secure cloud services across Africa, with the option of data residency in SA. The facilities are expected to be up and running later this year.

Microsoft wants you to be ready

A clear plan and a capable team will be necessary for successful cloud migration.

Microsoft has two training initiatives to help prepare your IT staff for the Azure environment: Azure Essentials and the DC Cloud Insider Certification.

We want you to be ready, too

Over the next few weeks, we’ll be taking a detailed look at cloud computing and several Azure products and services as we map out the steps for your journey to the cloud.

SA’s POPI Act, the EU’s GDPR and your business

South Africa’s Protection of Personal Information Act and the European Union’s General Data Protection Regulation have widespread implications for businesses. Are you prepared?

Data privacy and data security are firmly in the spotlight after headline-making incidents around the globe in 2018..

On June 14, Liberty Holdings was targeted by cybercriminals, who breached the group’s IT systems. The hackers claimed to have stolen 40 terabytes of data.

On July 11, Facebook was fined 500 000 pounds (about R9-million) in connection with the Cambridge Analytica scandal. The social media giant failed to protect its users’ information, according to Britain’s data watchdog.

In an increasingly digital environment, cybercrime is an evolving threat. Across the world, governments, economic associations and political groups have implemented legal structures to regulate the information-powered international ecosystem.

If you’re a South African business owner, then you need to understand the directives of SA’s Protection of Personal Information Act as well as the European Union’s General Data Protection Regulation.

What is South Africa’s Protection of Personal Information Act?

The POPI Act (also known as POPIA) was signed into law by President Jacob Zuma on November 19, 2013, and published in the Government Gazette a week later on November 26, 2013.

The legislation is designed to ensure that private, public and governmental organisations behave responsibly when managing the personal information of both “natural persons” (individuals) and “legally recognised entities” (like companies).

The key purposes of the POPI Act (as decreed) are:

  • To give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party.
  • To regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information.
  • To provide persons with rights and remedies to protect their personal information from processing that is not in accordance with this Act.
  • To establish voluntary and compulsory measures, including the establishment of an Information Regulator, to ensure respect for and to promote, enforce and fulfill the rights protected by this Act.

When will the POPI Act be implemented?

Certain sections of the POPI Act became effective on April 11, 2014, and address the appointment of South Africa’s Information Regulator.

The government has yet to announce the commencement date for the remaining provisions of the law, but is expected to do so later in 2018.

There will be a grace period of 12 months from the date of commencement for organisations to comply with the POPI Act.

You can find the full text of the Protection of Personal Information Act on the Justice Department’s website.

You can also download our infographic – 10 Things To Know About South Africa’s Protection of Personal Information Act – to print and keep, absolutely free.

Who is bound by the POPI Act?

All organisations that collect, process, store or share personal information must abide by the rules and regulations of the Act.

Comprehensive data privacy and data security initiatives will need to be implemented so that the technology, systems and processes used for information-gathering and information management comply with the law.

Broadly speaking, the POPI Act sets certain conditions for the acquisition, storage and management of personal details so that individuals (and legally recognised entities) know what is being done with their data. The law also defines the obligations and responsibilities related to information management, including quality control and security.

How is compliance achieved?

Accountability and transparency are core elements of the POPI Act. When the law comes into full force, organisations will have a brief window of opportunity to sort out their affairs. After that, non-compliance is likely to result in a financial penalty and/or imprisonment.

Conducting an in-depth evaluation of your business processes will help you to identify potential problem areas:

  • Audit your entire operation to determine when, where and how personal information is handled.
  • Formulate new protocols and implement checks and balances to ensure compliance.
  • Educate your staff to create an organisation-wide culture of responsibility.

South Africa’s Protection of Personal Information Act is expected to have a dramatic impact on the local business landscape, much like the General Data Protection Regulation has done in the European Union.

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR, or EU Regulation 2016/679) is a sweeping data-protection law that was approved by the European Union in April 2016.

The legislation addresses the privacy rights of internet users and imposes limitations on the processing of their online data, including email addresses and social media posts.

When will the GDPR be implemented?

The GDPR is already in effect.

Full enforcement began on May 25, 2018.

Did you receive a flood of “Privacy Policy” notices in your inbox around that time? You weren’t the only one. As the two-year GDPR grace period drew to an end, there was a flurry of compliance activity across the world.

Which countries are affected by the GDPR?

Although it was implemented by the EU, and is primarily concerned with data regulation in European countries, the GDPR has global implications.

Because the internet has revolutionised the way the world does business, it’s possible for a South African company to have customers living in France or Italy. It’s also possible for a South African company to have European customers residing within SA’s borders. In both cases, the GDPR applies, because EU citizens are involved.

If you provide products or services to EU citizens, and process their data in order to do so, then you need to adhere to the GDPR – no matter where you are based.

What happens if businesses don’t comply with the GDPR?

From official reprimands to financial penalties, the consequences of non-compliance are severe. Potential administrative fines can reach 20 million euros. The effects of the European Union’s General Data Protection Regulation are already being felt. The full impact of South Africa’s Protection of Personal Information Act has yet to be seen. Preparation is your best course of action.