What is GDPR?

The General Data Protection Regulation (GDPR) is a pan-European data protection law.

The EU’s Data Protection Directive of 1995, and all other member state laws that have been based on it, including the UK’s DPA (Data Protection Act) of 1998, are superseded by the GDPR. Regulations and Directives are the two major types of legislative acts that are enforced by the states of the EU. Regulations apply directly to all EU member states and are binding. Directives, on the other hand, are goal agreements that member states must achieve with domestic legislation.

What does the GDPR do?

The GDPR allows European Union data subjects to have more control over their personal data and how it is processed. Organisations will also be required to comply with a new range of rules and obligations regarding the processing of the personal data of their clients.

Who does the EU GDPR apply to?

The GDPR applies to all European Union (EU) organisations that gather, store, and process any personal data of citizens and people residing in the EU. 

The rules and obligations stipulated by the GDPR also apply to all organisations based outside the EU that perform services and offer products to any EU residents, which include monitoring or processing their behaviour or personal data. 

What are data controllers and processors?

A data controller is a person, public authority, agency, or body that determines the processes of personal data. A data processor processes data on behalf of a data controller. The requirements for compliance depend on whether you are a data controller or processor.  

What does GDPR require you to do?

• Governance and accountability.
• Perform data protection impact assessments when processing operations are considered high-risk.
• Ensure that personal data is kept safe and secure through the implementation of technical and organisational measures.
• Steer a GDPR meeting which includes staff awareness training.
• Appoint a data protection officer where necessary.

The benefits of GDPR compliance

There are great advantages to GDPR compliance. By approaching data protection correctly, your organisation can enjoy the enhancement of its reputation by building better customer relationships with existing and potential new customers.

Other benefits of complying with GDPR include:

• A risk reduction of data breaches.
• An increase in information security.
• Gaining a competitive advantage because of increased customer trust.

How can WWISE help you with GDPR compliance?

ISO 27701:2019 Security Techniques is an extension to ISO/IEC 27001 and ISO/ IEC 27002 for Privacy Information Management (also Personal Information Management). WWISE can implement an Information Security Management System aligned to ISO 27001 and 27701, which will assist your organisation in complying with GDPR. Simply contact us today!

What is King IV™?

If King IV™ required a one-word synopsis, ‘transparency’ would be the best word to describe it. The predecessors of King IV™ created the foundation of complete corporate governance, being a vital component of good corporate citizenship. The idea of good corporate governance stems from the recognition that organisations form an integral part of society; therefore, organisations are held accountable to any current or future stakeholders. King IV™ has introduced an ‘apply and explain’ regime, which recommends the transparency of organisations throughout the application of their corporate governance practices.

King IV™ reiterates that good corporate governance goes beyond a quick tick box or compliance exercise, and should be considered as a universal, integrated collection of measures that require an extensive understanding and should be implemented in an integrated manner. King IV™ recommends that the King IV™ Code be applied sensibly to ensure that an organisation’s practices are interpreted accordingly. This ensures that an organisation takes full advantage of the benefits offered by this facet of corporate governance.

Benefits of King IV™

King IV™ assists organisations to reap the benefits of complying with corporate governance. The King IV™ governance comprises 17 principles that encourage an organisation to move beyond merely complying and move towards creating actions that relate to and integrate with an organisation’s context, which in turn will shift them towards accomplishing their goals.  Corporate governance exists to produce positive outcomes for organisations through implementation.

The list of key benefits includes:

• Boosted reliability and improved reputation. A well-governed organisation is better suited to access financing at more desirable rates, ensuring the organisation is more appealing to investors and shareholders. These organisations tend to attract loyal customers and talented employees.
• Good governance leads to more control, transparency, and a stronger resistance to fraud. White-collar crimes are currently one of the greatest risks for organisations as they are often underreported.
• Good corporate governance enables organisations to mitigate risks more successfully to add to their disaster recovery capabilities, ensuring the organisation is more robust.
• Corporate governance codes oblige governing bodies to create succession plans for high-profile leaders to avoid any interruptions in leadership, which can be detrimental to an organisation.

How can WWISE help you with King IV™?

King IV™ has principles related to ISO 9001:2018 Quality Management Systems and ISO 31000:2018 Risk Management Guidelines to assist in ensuring a framework of Good Governance. The ISO 37000 Guidance for the Governance of Organisations.  Key principles and relevant practices, and a framework to guide the governance of organisations in how to meet their responsibilities so that they can fulfil their purpose. It applies to all organisations, regardless of type, size, location, structure or purpose.

WWISE can assist in implementing ISO 9001:2018 in conjunction with ISO 31000:2018 and ISO 37000:2016 to assist organisations with Governance best practices.

What is ITSM- ITIL?

The Information Technology Infrastructure Library (ITIL) is a framework which aligns IT services with business needs. ITIL processes tasks, procedures, and checklists that are not company-specific but can be part of an organisation’s strategy plan to maintain competency. The framework can be used to demonstrate compliance and measure improvement within a business.

The benefits of ITIL

• Aligns IT solutions with business requirements.
• Consistency.
• Effective service delivery.
• Improved services and data processing.
• Realistic Service Levels.
• Improvement of the Return on Investment (ROI).

How can WWISE help you with ITIL?

At WWISE, we recognise the importance of ITC Governance. We offer consulting, implementation, and training services, as well as the development of business-specific ITIL systems against the ISO 20000-1:2018 IT Service Management System Requirements Standard. We assist with the implementation to prepare an organisation for ISO 20000-1:2018 certification. With our 100% certification rate, you can rest assured your business will conform. 

COBIT 5 

What is COBIT 5?

COBIT stands for Control Objectives for Information and Related Technologies, quite a mouthful it is it not? Basically, COBIT is a framework created by the Information Systems Audit and Control Association (ISACA) for Information Technology Management and IT Governance. The framework highlights and defines the generic process of IT Management processes, relative objectives and outputs, key processes and Objectives. The framework measures performance and maturity using the Capability Maturity Model (CMM), which is a tool to study data collected from organisations contracted in the U.S Defence Force.

Benefits of COBIT 5

•  COBIT is a world-recognised IT management framework with globally accepted principles, practices, tools, and models that increase trust.
• The framework can be implemented within organisations of any size.
  Additionally, COBIT can be aligned to the ISO/IEC 27001:2022 Information Security Management System Standard.

Compliancy

WWISE cannot certify your organisation against COBIT 5. We can, however, introduce you to the ISO 27001:2018 Information Security Management System. This Information Security Management System (ISMS) will ensure you comply with the principles of COBIT 5. By implementing this ISMS, you will reap benefits through:

• Time and cost savings.
• Improved productivity and customer satisfaction.
• Your organisation’s senior management has efficient ways to manage areas of responsibility as they are clearly defined.

Once certified, you will gain credibility in the industry and a competitive edge, especially when tendering for public work projects. Certification shows your customers that you follow standardised procedures and assure them of consistency. You also benefit from quality measures. Once the systems are in place, you can ensure on-time and high-quality service delivery, a decrease in returned products, less time spent in handling complaints, and improved employee morale

What is Prince2?

PRINCE2 is the abbreviation used for PRojects IN Controlled Environments. The tool is a structured project management and practitioner certification programme. PRINCE2 highlights the importance of breaking down projects into manageable and controlled stages. 

These principles are adopted across the globe, in the UK, Western European countries, and Australia. The principles are available in many languages.

Benefits of Prince2

PRINCE2 assists with methods for managing projects within a clearly defined framework. This framework does not guarantee seamless project management, as it is dependent on the complexities of projects. Benefits include:

• Increased product quality.
• Effective resource optimisation.
• Boost in confidence amongst the project team.

Limitations and Certification of Prince2

Training and Certification

PRINCE2 certification is awarded by AXELOS, while training is provided by an Accredited Training Organisation (ATO), with a final examination to be granted accreditation.

While PRINCE2 is not a principal or framework facilitated by WWISE, we offer several Management System solutions that can assist your business in preparing and gaining the expert advice to manage projects accordingly.

POPI 

What is the POPI Act?

Due to the globalisation of economies, the rapid expansion of technology and the internet’s ability to transfer communication swiftly from one country to another, the protection of personal information or data has become the object of global recognition. The purpose of the Protection of Personal Information Act (POPIA) is to ensure the protection of the constitutional right to privacy when organisations collect, process, store and share another individual’s or entity’s personal information. The Act holds institutions accountable when processing personal information and bestows certain rights of protection to the information owner. 

Why do you need it?

1. Ignorance of the law is no excuse

The POPI Act applies to any public or private institution which processes personal information. This includes processing the personal information of other entities. It is a code of conduct by which all businesses must comply. The penalties for non-compliance range from penalties of up to R10 million or imprisonment of up to 10 years. Therefore, achieving legal compliance brings with it a reduction in the risks of restrictions on fines and lawsuits.

1. Alignment to global best practice

Multiple jurisdictions around the world have already implemented data privacy legislations, such as the EU’s GDPR, the California Consumer Privacy Act, Australia’s Privacy Principles (APP), Canada’s Personal Information Protection and Electronic Data Act (PIPEDA) and Brazil’s Brazilian Internet Act, amongst others. Therefore, compliance with the POPI Act assists organisations in aligning with global best practice in the field of Data Privacy.

1. Transactions with global entities

Non-compliance with globally aligned legislation like POPI can restrict a company’s ability to transact with other companies in the information economy.

1. Transparency in processing information

Compliance with the POPI Act assures stakeholders that an organisation will process information in a trustworthy manner. When consumers trust an organisation, they are more likely to share their private information with such an organisation. Therefore, POPI compliance becomes a marketable tool.

1. Data Security Culture

South Africa is reported to have the third-highest rate of phishing attacks in the world. Furthermore, it is estimated that South Africa loses R1 billion a year due to cybercrime-related activities. Therefore, compliance with POPI assists in instilling an organisation-wide culture of data security.

What are the benefits?

The benefits of complying with the POPI Act include:

• Aligning with International standards.
• Aligning with ISO 27001.
• Balance between the right to privacy and rights of access to information.
• Implementing the constitutional right to privacy by safeguarding an entity’s personal information.

How can WWISE assist?

WWISE simplifies compliance with the POPI Act by assessing your business’s current compliance with the Act against the measures that need to be taken for full compliance. Compliance with the POPI Act is aligned with the ISO/IEC 27001:2022 standard.