On May 18, 2017, the tech titan announced its plan to launch two hyperscale cloud data centres in South Africa’s metropolitan hubs of Cape Town and Johannesburg.
“We’re excited by the growing demand for cloud services in Africa and their ability to be a catalyst for new economic opportunities,” explained Scott Guthrie (Executive Vice President, Cloud and Enterprise, Microsoft) at the time.
Guthrie’s sentiments were echoed at the 2018 Microsoft Tech Summit in Cape Town, where Nuri Cankaya (Senior Sub Product Marketing Manager, Microsoft Azure) and Victoria Grady (General Manager, Microsoft Azure Experience Marketing) highlighted some of the benefits of the Azure environment and urged customers to start preparing for cloud migration.
Microsoft has 54 Azure regions spanning the globe. The majority of these (42) are already available, while others have been announced, but not yet launched.
The data centres in Cape Town and Johannesburg are Microsoft’s first such facilities in Africa and represent a significant investment by the company, as well as a game-changing development for individuals and organisations concerned about data residency.
At present, customers based in Africa depend on cloud services delivered from data centres outside of the continent. It’s thus possible that data belonging to a business in Pretoria is actually being stored on a remote server in Amsterdam. It’s not an ideal situation, given that data is often subject to the laws of the country in which it resides.
Did you read last week’s blog post about data-privacy legislation? We covered South Africa’s Protection of Personal Information Act and the European Union’s General Data Protection Regulation, as well as the penalties for non-compliance in each case.
Microsoft’s SA-based data centres will provide secure cloud services across Africa, with the option of data residency in SA. The facilities are expected to be up and running later this year.
A clear plan and a capable team will be necessary for successful cloud migration.
Microsoft has two training initiatives to help prepare your IT staff for the Azure environment: Azure Essentials and the DC Cloud Insider Certification.
Over the next few weeks, we’ll be taking a detailed look at cloud computing and several Azure products and services as we map out the steps for your journey to the cloud.
On June 14, Liberty Holdings was targeted by cybercriminals, who breached the group’s IT systems. The hackers claimed to have stolen 40 terabytes of data.
On July 11, Facebook was fined 500 000 pounds (about R9-million) in connection with the Cambridge Analytica scandal. The social media giant failed to protect its users’ information, according to Britain’s data watchdog.
In an increasingly digital environment, cybercrime is an evolving threat. Across the world, governments, economic associations and political groups have implemented legal structures to regulate the information-powered international ecosystem.
If you’re a South African business owner, then you need to understand the directives of SA’s Protection of Personal Information Act as well as the European Union’s General Data Protection Regulation.
The POPI Act (also known as POPIA) was signed into law by President Jacob Zuma on November 19, 2013, and published in the Government Gazette a week later on November 26, 2013.
The legislation is designed to ensure that private, public and governmental organisations behave responsibly when managing the personal information of both “natural persons” (individuals) and “legally recognised entities” (like companies).
The key purposes of the POPI Act (as decreed) are:
Certain sections of the POPI Act became effective on April 11, 2014, and address the appointment of South Africa’s Information Regulator.
The government has yet to announce the commencement date for the remaining provisions of the law, but is expected to do so later in 2018.
There will be a grace period of 12 months from the date of commencement for organisations to comply with the POPI Act.
You can find the full text of the Protection of Personal Information Act on the Justice Department’s website.
You can also download our infographic – 10 Things To Know About South Africa’s Protection of Personal Information Act – to print and keep, absolutely free.
All organisations that collect, process, store or share personal information must abide by the rules and regulations of the Act.
Comprehensive data privacy and data security initiatives will need to be implemented so that the technology, systems and processes used for information-gathering and information management comply with the law.
Broadly speaking, the POPI Act sets certain conditions for the acquisition, storage and management of personal details so that individuals (and legally recognised entities) know what is being done with their data. The law also defines the obligations and responsibilities related to information management, including quality control and security.
Accountability and transparency are core elements of the POPI Act. When the law comes into full force, organisations will have a brief window of opportunity to sort out their affairs. After that, non-compliance is likely to result in a financial penalty and/or imprisonment.
Conducting an in-depth evaluation of your business processes will help you to identify potential problem areas:
South Africa’s Protection of Personal Information Act is expected to have a dramatic impact on the local business landscape, much like the General Data Protection Regulation has done in the European Union.
The General Data Protection Regulation (GDPR, or EU Regulation 2016/679) is a sweeping data-protection law that was approved by the European Union in April 2016.
The legislation addresses the privacy rights of internet users and imposes limitations on the processing of their online data, including email addresses and social media posts.
The GDPR is already in effect.
Full enforcement began on May 25, 2018.
Did you receive a flood of “Privacy Policy” notices in your inbox around that time? You weren’t the only one. As the two-year GDPR grace period drew to an end, there was a flurry of compliance activity across the world.
Although it was implemented by the EU, and is primarily concerned with data regulation in European countries, the GDPR has global implications.
Because the internet has revolutionised the way the world does business, it’s possible for a South African company to have customers living in France or Italy. It’s also possible for a South African company to have European customers residing within SA’s borders. In both cases, the GDPR applies, because EU citizens are involved.
If you provide products or services to EU citizens, and process their data in order to do so, then you need to adhere to the GDPR – no matter where you are based.
From official reprimands to financial penalties, the consequences of non-compliance are severe. Potential administrative fines can reach 20 million euros. The effects of the European Union’s General Data Protection Regulation are already being felt. The full impact of South Africa’s Protection of Personal Information Act has yet to be seen. Preparation is your best course of action.