{"id":69028,"date":"2021-05-08T11:29:23","date_gmt":"2021-05-08T09:29:23","guid":{"rendered":"https:\/\/www.sage.com\/en-za\/blog\/?p=69028"},"modified":"2026-01-29T17:27:12","modified_gmt":"2026-01-29T15:27:12","slug":"small-business-data-protection-low-hanging-fruit","status":"publish","type":"post","link":"https:\/\/www.sage.com\/en-za\/blog\/small-business-data-protection-low-hanging-fruit\/","title":{"rendered":"Small business data protection: low hanging fruit"},"content":{"rendered":"<header class=\"entry-header has-dark-background-color entry-header--has-illustration entry-header--has-illustration--generic\">\n\t<div class=\"container\">\n\t\t<div class=\"entry-header__row row align-center\">\n\t\t\t<div class=\"col col-lg-7 col-xlg-6 entry-header__content\">\n\t\t\t\t\t\t\t<div class=\"component component-single-header\">\n\t\t\t\t\t\t\t\t\t\t<div class=\"entry-header__misc text--subtitle text--uppercase text--small\">\n\t\t\t\t\t\t\t<a href=\"https:\/\/www.sage.com\/en-za\/blog\/category\/strategy-legal-operations\/compliance\/\" class=\"entry-header__link\">Compliance<\/a>\t\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t<div class=\"entry-title-wrapper\">\n\t\t\t\t\t<h1 class=\"entry-title\">\n\t\t\t\t\t\tSmall business data protection: low hanging fruit\t\t\t\t\t<\/h1>\n\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t<p class=\"entry-header__description\">\n\t\t\t\t\t\t\t\t\t\t\t<\/p>\n\t\t\t\t\n\t\t\t\t\n\t\t\t\t\n\t\t\t<\/div>\n\n\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/div>\n\t<div class=\"single-post-details container\">\n\t\t<div class=\"col\">\n\t\t\t<span class=\"posted-on \"><time class=\"entry-date published\" datetime=\"2021-05-08T11:29:23+02:00\">May 8, 2021<\/time><\/span><span class=\"reading-time\"> min read<\/span>\n\n\t\t\t\t<\/div>\n\t<\/div>\n<\/header>\n\n\n\n<div class=\"wp-block-post-author\">\n\t\t\t<div class=\"co-authors\">\n\t\t\t\n\t\t<div class=\"entry-author-wrapper\">\n\t\t\t<a class=\"entry-author\" href=\"https:\/\/www.sage.com\/en-za\/blog\/author\/warren\/\">\n\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"40\" height=\"40\" src=\"https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/04\/warren-350x350.jpg\" class=\"entry-author__image\" alt=\"\" srcset=\"https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/04\/warren-350x350.jpg 350w, https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/04\/warren-766x768.jpg 766w, https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/04\/warren-808x810.jpg 808w, https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/04\/warren-768x770.jpg 768w, https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/04\/warren.jpg 1429w\" sizes=\"auto, (max-width: 40px) 100vw, 40px\" \/>\t\t\t\t<span class=\"entry-author__name\">Warren<\/span>\n\t\t\t<\/a>\n\n\t\t\t\t\t<\/div>\n\n\t\t\t\t<\/div>\n\t\t<\/div>\n\n\n\n<p>The 12-month grace period for South African businesses to comply with the Protection of Personal Information Act (POPIA) ends on 30 June 2021.<\/p>\n\n\n\n<p>Whether your business is listed as a corporate or sole proprietor, the legislation is binding, with non-compliance penalties of up to R10 million or 10 years in jail. 
That\u2019s motivation enough to get your personal information records in order.<\/p>\n\n\n\n<p>As a small business, a personal data breach, the primary blunder that POPIA seeks to mitigate against, can negatively impact your brand, resulting in a loss of trust and sales. Protecting the personal data that you process is no longer an option \u2013 it\u2019s business-critical.<\/p>\n\n\n\n<p>The good news is that there are a few steps you can take as a small business owner that\u2019ll move you closer to POPIA compliance and significantly reduce the chances that you suffer a personal data breach.<\/p>\n\n\n\n<p>In understanding what follows, keep in mind that \u2018personal data\u2019 relates to the processing (generally collection, sharing, or storage) of information for both natural and juristic persons. In other words, you need to protect the data of your employees and customers, as well as your suppliers and business partners.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-collect-quality-data\"><strong>Collect quality data<\/strong><\/h2>\n\n\n\n<p>POPIA has <a href=\"https:\/\/www.popiact-compliance.co.za\/popia-information\/17-conditions-for-lawful-processing-of-personal-information\">eight conditions<\/a> that need to be met when processing personal data. There\u2019s a fair amount of legalese and overlap in these conditions, but the consistent message is to <strong>be purposeful about how you process personal data and transparent about your motives for doing so<\/strong>.<\/p>\n\n\n\n<p>Accuracy in data collection and processing is paramount because, under POPIA, the person whose information you hold has the right to request their \u2018file\u2019 at any time. 
If their record is inaccurate, outdated, or incomplete, it could invite investigation into your POPIA compliance, which could impact your reputation.<\/p>\n\n\n\n<p>For the sake of compliance and perception, then, a simple but systematic records management plan should be put in place, detailing how you\u2019ll go about collecting information, how it\u2019ll be processed, which details are required (age, gender, race, address, etc.), how long records will be kept, how you\u2019ll dispose of redundant data, and who will champion the implementation of the plan (POPIA requires you to appoint an information officer). There are also numerous <a href=\"https:\/\/www.softwareadvice.com\/za\/cms\/records-management-comparison\/\">record management software solutions<\/a> that you could consider.<\/p>\n\n\n\n<p>Why would you make the effort to capture and process personal data in the first place?<\/p>\n\n\n\n<p>One of the main attractions is being able to communicate with your target market effectively to drive sales; email marketing remains one of the most powerful tools for small business growth. In order to contact customers through such channels, you\u2019ll need to have a record of where their personal data was collected from (website, competition, or tradeshow) to show that the target gave you permission to contact them. Without that paper trail, you\u2019ll be non-compliant and vulnerable to penalties.<\/p>\n\n\n\n<p><strong>Sidebar:<\/strong> As a result of POPIA, we should all be receiving fewer cold calls once the grace period comes to an end. 
Thank goodness for that.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-store-in-the-cloud\"><strong>Store in the cloud<\/strong><\/h2>\n\n\n\n<p>The safety of the personal data you process is largely dependent on where it\u2019s stored.<\/p>\n\n\n\n<p>Using a decentralised system \u2013 where data is spread out over numerous hard drives, or in physical drawers and folders \u2013 is inefficient and dangerous because it makes it easier for you to lose that information, and easier for others to access it.<\/p>\n\n\n\n<p>Choosing instead to store all personal data you collect and process in the cloud comes with the following advantages:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cloud service providers are increasingly using AI to conduct ongoing security analysis<\/li>\n\n\n\n<li>Built-in firewalls improve network security<\/li>\n\n\n\n<li>Data is backed up at multiple locations in case of disaster<\/li>\n\n\n\n<li>Access to data in the cloud can be restricted to only the employees who need it<\/li>\n<\/ul>\n\n\n\n<p>Because you\u2019ll now be required to divulge personal information upon request from the subject, having all their data in one place, organised in an orderly fashion, will also reduce the amount of time you spend dealing with such requests.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-let-the-upgrade-run\"><strong>Let the upgrade run<\/strong><\/h2>\n\n\n\n<p>You may think that small businesses like yours won\u2019t attract the attention of hackers. You\u2019d be wrong. They know that bigger businesses have the resources to protect their data; small businesses are an easier target because data security and protection often play second fiddle to the more pressing issues small business owners must conquer on a daily basis.<\/p>\n\n\n\n<p>The nefarious ingenuity of those trying to commandeer your personal information means that your software providers constantly refresh their embedded security measures to keep your data safe. 
But if you don\u2019t run your software updates when they\u2019re released, your systems become temporarily vulnerable to attack.<\/p>\n\n\n\n<p>Keep in mind that the cybersecurity resilience of your business is only as strong as its weakest link; if a hacker gains access through a poorly protected device, they can move through your network quickly. That means you need to have up-to-date software across all the devices used to keep your business running, including laptops, mobiles and tablets.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-nbsp-educate-your-employees\"><strong>Educate your employees<\/strong><\/h2>\n\n\n\n<p>Human error is one of the biggest risks when it comes to protecting your business against a personal data breach. In the course of business, employees will have access to all kinds of sensitive information that, with or without them being complicit, could end up in the wrong hands.<\/p>\n\n\n\n<p>It follows that your employees must be made aware of their obligations under POPIA, and what threats they are likely to face from the hacking underworld. This can be done via <a href=\"https:\/\/www.popipack.co.za\/training\/\">e-learning courses<\/a> that are affordable and time-conscious. But if you simply make data protection an item on your weekly or monthly agenda, so that it remains front-of-mind, your employees will be better able to spot the majority of circulating scams.<\/p>\n\n\n\n<p>Making your business POPIA-compliant will take some work. But with a little perseverance in putting the above measures into place, data protection will become second nature within your organisation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-sage-popia-legal-disclaimer\"><strong>Sage POPIA legal disclaimer<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The information contained on this website is for general guidance purposes only. 
It should not be taken for, nor is it intended as, legal advice.<\/li>\n\n\n\n<li>We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own professional advice if they are unsure about the implications of the POPIA on their businesses.<\/li>\n\n\n\n<li>Sage will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise, from the use of or reliance on this information or from any action or decisions taken as a result of using this information.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The 12-month grace period for South African businesses to comply with the Protection of Personal 
Information Act (POPIA) ends on 30 June 2021. Whether your business is listed as a corporate or sole proprietor, the legislation is binding, with non-compliance penalties of up to R10 million or 10 years in jail. That\u2019s motivation enough to [&hellip;]<\/p>\n","protected":false},"author":1225,"featured_media":69034,"menu_order":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sage_video":false,"post_featured_image_hide":false,"footnotes":""},"categories":[35],"tags":[321],"business_type":[2],"lilypad":[],"context":[],"industry":[],"persona":[16],"imagine_tag":[85],"coauthors":[440],"class_list":["post-69028","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-compliance","tag-compliance","business_type-small-business"],"sage_meta":{"region":"en-za","author_name":"Warren","featured_image":"https:\/\/www.sage.com\/en-za\/blog\/wp-content\/uploads\/sites\/9\/2021\/05\/iStock-1210684755.jpg","imagine_tags":{"85":"Small business"}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Sage Advice South 
Africa","distributor_original_site_url":"https:\/\/www.sage.com\/en-za\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/posts\/69028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/users\/1225"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/comments?post=69028"}],"version-history":[{"count":0,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/posts\/69028\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/media\/69034"}],"wp:attachment":[{"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/media?parent=69028"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/categories?post=69028"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/tags?post=69028"},{"taxonomy":"business_type","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/business_type?post=69028"},{"taxonomy":"lilypad","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/lilypad?post=69028"},{"taxonomy":"context","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/context?post=69028"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/industry?post=69028"},{"taxonomy":"persona","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/persona?post=69028"},{"taxonomy":"imagine_tag","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/api\/wp\/v2\/imagine_tag?post=69028"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.sage.com\/en-za\/blog\/ap
i\/wp\/v2\/coauthors?post=69028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}