AVeS Cyber Security

Grace period for compliance with Eswatini’s Data Protection Act ends in March, warns AVeS Cyber Security

With the two-year grace period for compliance with Eswatini’s Data Protection Act No. 5 of 2022 ending in March 2024, AVeS Cyber Security is extending its experience and expertise to its clients in the Kingdom. “Even though it is a statutory requirement, we have found that companies do not really know what to do about the requirements of the Act, let alone where to begin to implement it,” comments Group CEO Charl Ueckermann.

What is data privacy, and why is it so important?

In general, data privacy refers to the right of individuals to control how their personal information is collected, used, and shared by others. It protects individuals from identity theft, discrimination, harassment, and other harms that may result from unauthorised or inappropriate use of their data. It fosters trust and confidence in digital interactions and allows individuals to exercise their fundamental rights and freedoms in an increasingly data-driven world.

How is data privacy regulated?

Data privacy is regulated by various laws and standards, such as the General Data Protection Regulation (GDPR) in Europe and the Protection of Personal Information Act (POPIA) in South Africa, which require companies to respect and protect individuals’ data privacy rights.

Eswatini’s Data Protection Act regulates how personal data is collected, processed, disclosed, and protected, while considering the trade-offs between privacy of personal information and laws specific to different sectors and other relevant issues.

The Act empowers the Eswatini Communications Commission, which is Eswatini’s Data Protection Authority, to monitor and enforce compliance with the provisions of the Act by public and private bodies, among other things. The Act applies to any data controller or data processor who processes personal information within Eswatini.

What are the challenges posed by implementing data privacy?

Implementing robust data protection measures presents an array of challenges. Many companies attempt to get on top of compliance by using spreadsheets as a manual intervention. However, such an approach does not cater for compliance checklists and properly curated content, let alone status dashboards to monitor compliance once it is properly in place. As a result, efficient implementation is well-nigh impossible.

Another challenge is poor data inventory in terms of maintaining accurate records of the personal data collected. This is a mammoth undertaking that many companies have to face, while being exposed to potential legal and reputational damage. The risks of mishandling personal data range from regulatory fines to major financial losses.

A lack of data privacy expertise

This is often linked to a lack of data privacy expertise, which is where AVeS Cyber Security is ideally positioned to assist, especially if a company does not have a dedicated Data Protection Officer (DPO), let alone an in-house specialist. AVeS Cyber Security can identify any data privacy risks and propose a plan to mitigate these effectively.

With stakeholders, clients, and regulators breathing down a company’s back as the deadline approaches, AVeS Cyber Security is here to take the pressure off and ensure compliance is introduced from the ground up. Thanks to its extensive experience in the field of data protection and privacy, AVeS Cyber Security can assist any company in Eswatini, whether big or small, comply with tried-and-proven technical and organisational measures. AVeS Cyber Security is experienced in all appropriate technical and organisational measures, including world-leading information security controls such as ISO/IEC 27001:2022 and ISO/IEC 27002:2022. Its expertise covers encryption, identity and access management, privileged access management, vulnerability and patch management, endpoint protection, anti-malware, virtual private networks, and zero-trust, among others