Connect with us


Experts Advise African Firms Processing EU Personal Data



Experts Advise African Firms Processing EU Personal Data

By Dipo Olowookere

A piece of advice has been given to organisations in Africa processing the personal information of data subjects from within the European Union (EU).

At an event hosted by Baker McKenzie and Cognia Law in Johannesburg, Head of the Technology, Media and Telecommunications Practice Group at Baker McKenzie in Johannesburg, Mr Darryl Bernstein, warned organisations doing such to already have effective General Data Protection Regulation (GDPR) compliance procedures in place, including Data Breach Security Checklists, impact assessments and subject data requests procedures.

Mr Bernstein said this due diligence is not only required by the GDPR regulation but can significantly reduce the risks associated with security breaches, raise awareness of the GDPR and ensure that companies have appropriate technical and organisational measures in place to comply with the legislation.

He further said it was essential for organisations to have a General Data Protection Regulation (GDPR) Data Security Breach Checklist in place to assess the risks of a data security breach and to implement a plan to contain and manage any data breaches.

Mr Bernstein noted that the first step on any organisation’s GDPR Data Security Breach Checklist should be to assess the risks associated with a data security breach.

“It is essential to know whose data might have been disclosed, what type of data has been breached and if it contains sensitive information.

“Affected organisations should also asses the volume of data disclosed and if any of the data has been lost or damaged. The cause of the breach and where in the world the breach occurred must also be investigated,” he said.

Mr Bernstein explained that step two on the Checklist should be to contain the breach and recover the data.

“Organisations who have fallen victim to a data breach must establish who will investigate the breach, who will assist with the containment of the breach and/or the recovery of information and if action should also be taken to prevent the breach from recurring. This is also the time to inform the police, if appropriate to do so,” the data expert said.

During step three, organisations must notify all data subjects who have had their private information breached.

“According to the GDPR, notification must take place without undue delay and no later than 72 hours after the breach has occurred. The nature and scope of the breach, as well as its consequences and the measures taken to rectify it, must also be disclosed to affected data subjects,” he said.

Mr Bernstein explained that South African organisations will have to have a similar checklist in place in order to comply to the soon to be implemented Protection of Personal Information Act (POPIA).

POPIA stipulates that a data breach must be notified as soon as reasonably possible after the discovery of the compromise, considering the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of the responsible party’s information system.

To assist organisations in the event of a data breach, Baker McKenzie recently launched a mobile application called “Data Breach 72”. This app, which is available in English and French, allows organisations to identify the existence of a data breach, within the scope of application of the GDPR; establish whether it is necessary to notify the competent supervisory body; and prepare an initial draft of this notification. The app forms part of Baker McKenzie’s innovation programme, which aims to rethink the way in which lawyers deal with the challenges their clients are facing.

The final step in Checklist includes a thorough evaluation of the breach. “Once the first three steps are complete, organisations must investigate whether employees were responsible for the breach and if disciplinary action is required. If a third party was involved, the contract should be checked for damages provisions and an impact assessment undertaken. Lastly, organisations must review their procedures and ensure their data is secure going forward,” he said.

Also, partner in Baker McKenzie’s Corporate/M&A practice and TMT specialist, Janet MacKenzie, noted that, “The GDPR further requires organisations to complete a Data Protection Impact Assessment prior to the processing of private information, where the processing is likely to result in a high risk to the rights and freedoms of natural persons.

MacKenzie said it is essential to conduct an Impact Assessment of third parties that process high-risk company personal data, to determine their awareness of GDPR and to ensure that they have appropriate technical and organisational measures in place to comply with the legislation.

For high-risk third parties, audit partners should be identified for the assessment of processes and to determine if on-site audits are required. It is worth noting that the requirements of the GDPR stipulate that data processing can only be outsourced to a third party if the processor guarantees conformity with the requirements of the GDPR.

Janet Taylor Hall, CEO of Cognia Law, explained further, “There were two operational areas where clients tend to underestimate the impact assessment efforts around GDPR –  the first being adequately preparing to deal with a data breach when it happens and the second is subject data requests, which can in themselves lead to a breach if not handled appropriately.”

“Right of access is a core principle of the GDPR. Individuals have the right to access their personal data and supplementary information at any time. In responding to these data requests in time (30 days), it is also important that no data is shared that belongs to another individual or that contains intellectual property or trade secrets,” she said.

“Putting a robust subject data request capability in place is an important part of the on-going GDPR compliance support we offer our clients”, highlighted Justin Ridl, Global Head of Legal Services, Cognia Law.

Dipo Olowookere is a journalist based in Nigeria that has passion for reporting business news stories. At his leisure time, he watches football and supports 3SC of Ibadan. Mr Olowookere can be reached via

Continue Reading
Click to comment

Leave a Reply


MTN Partners Huawei to Deploy Premium Wi-Fi Service in Nigeria



MTN Group Premium Wifi service

By Modupe Gbadeyanka

To improve the experience of end-users on its network, MTN Nigeria has partnered with Huawei to launch a premium Wi-Fi service in the country.

According to MTN Nigeria’s Chief Technical Officer, Mr Mohammed Rufai, the deployment of the premium Wi-Fi is geared around delivering a superior user experience with high technology.

He stated that this also became necessary due to an increase of smart home device quantiles and new types of services such as video clips and online games which demand a better home network quality.

MTN is working with Huawei on an Autonomous Driving Network project, including various innovative practices such as target architecture design, autonomous level evaluation and high-value use-cases of autonomous networks.

“Home network experience has become a vital area in improving network quality for us. In addition, we want to solve problems such as Wi-Fi interference, coordination between home network terminals and Wi-Fi coverage which occurs frequently and leads to a large proportion of user complaints,” Mr Rufai said.

 “With this, we can proactively identify and accurately locate fault points on home networks. It will help us to improve O&M efficiency and reduce customer complaints,” says Daniel Smith, a senior engineer with the MTN Group.

“In the future, MTN and Huawei will implement more innovations regarding network automation and intelligence, quickly deploy them on the live network to promptly deliver superior user experience of high tech,” he concluded.

The premium Wi-Fi can play back the historical home Wi-Fi performance in the last seven days. It demarcates faults based on speed tests by segment and diagnoses major issues in just one click to rectify problems in the cloud.

Besides, with the self-trouble shooting function on the mobile app, home broadband users are able to solve certain network problems by themselves, allowing them to manage the broadband performance much easier.

Continue Reading


Cyber Attacks: Africa Must Encourage Digital Skills Development—Experts



Adopt Digital Skills

By Aduragbemi Omiyale

Urgent steps must be taken by African leaders to encourage general digital skills to tackle cyber-attacks and crimes on the continent, some experts in the industry have advised.

Speaking at the April edition of the Information Security Society of Africa – Nigeria (ISSAN) event, the stakeholders warned that if efforts are not taken, the governments, citizens and businesses may suffer “catastrophic consequences.”

It was stressed that at the moment, Africa is struggling to match its counterparts in the other parts of the globe due to a shortage of general digital skills caused by brain drain.

At the workshop themed Addressing the Cybersecurity Skills Quagmire, the founder/CEO of Digital Jewels, Mrs Doyin Odunfa, in her presentation, lamented that the shortage of general digital skills at all levels is expected to become more critical as economies grow, noting that the supply of digitally skilled labour must also increase to meet anticipated labour market needs.

She observed that highly skilled African professionals have been emigrating from African countries to pursue lucrative cultural and socio-economic opportunities on other continents leading to a brain drain and skills gap on the continent.

Whilst proffering solutions, she recommended intentional development of digital skills at all levels, smart technology support, collaboration with the Diaspora and strategic supply to Africa and Western economies.

“These young Africans are looking for higher-paying jobs outside Africa to escape socio-economic limitations such as poverty, limited infrastructure, and rudimentary jobs.

“They look for enabling environments in developed countries that provide rewarding businesses and obtain lucrative jobs, matching skilled individuals’ aspirations and expected socio-economic recompense.

“Many highly talented African students that obtain opportunities and scholarships of training abroad do not return home after completing studies,” Mrs Odunfa stated.

In his welcome address, the president of ISSAN, Mr David Isiavwe, said the brain drain in Africa as well as the digital skills shortage currently being experienced around the world calls for concern.

According to him, “The cyber threat landscape is still evolving. The cybersecurity space keeps getting very busy by the day. We have seen how daring cybercriminals can be, targeting both national assets and highly reputable firms. Even individuals are not left out.

“Consequently, it becomes imperative that organizations never relent in upholding and reinforcing information security best practices.”

The Chief Information Security Officer (CISO) of Stanbic IBTC, Abumere Igboa; CISO of Heritage Bank, Eduje Ighoakpo; CISO of First Bank, Harrison Nnaji; CISO of Standard Chartered Bank, Oghenefovie Oyawari and the Chief Technical Officer (CTO) of Digital Jewels, Tokunbo Taiwo, were the other speakers at the gathering.

ISSAN is a not-for-profit organization dedicated to the protection of Nigeria’s cyberspace. It is significantly involved in ensuring the security of banking systems and applications, ATMs, e-government systems, and the entire cyberspace in Nigeria.

The group also seeks to achieve its objectives through awareness heightening measures including the promotion of appropriate legislation and best practices.

Membership cuts across both public and private sectors of the economy including Banks, Telecommunications Operators, Government parastatals, switching companies, IT and IT security consultancies, Legal Practitioners with a keen interest in cyber-related matters, and regulators.

Continue Reading


Interswitch Receives Fresh Funds from LeapFrog, Tana




By Adedapo Adesanya

LeapFrog Investments (LeapFrog) and Tana Africa Capital (Tana) have invested in Interswitch, one of Africa’s technology-driven companies focused on the digitisation of payments.

In a joint statement from both companies, the exact amount was not disclosed, but it was stated that the investment will assist in supporting the company’s drive to advance the payment ecosystem across the continent.

A portion of the investment has been acquired from existing shareholders, with Ignite Holdco Limited, made up of Helios Investment Partners and TA Associates, remaining the largest shareholder in the business following the transaction.

Interswitch Group CEO, Mr Mitchell Elegbe, in a statement, said the company was “excited to welcome LeapFrog and Tana on board, as we continue our work to advance the future of the African payments landscape.”

This will further advance its offerings after it launched some new products in March.

The services unveiled include an enhanced Biometrics feature for Point of Sale (PoS) terminals & Automated Teller Machines (ATMs); Tokenization, and Card Fusion, with the services addressing digital payment fraud, problems with card issuance and portfolio management.

Interswitch, in collaboration with SterlingPRO, designed the Biometrics on Point of Sale (PoS) and Automated Teller Machines (ATMs) to protect customers against digital payment fraud and to avail them faster and more convenient ways to validate payments. The solution utilizes physiological features unique to everyone such as fingerprints, voice, and facial features to verify payment transactions.

Tokenization on the other hand replaces sensitive data such as the 16-digit account information with a unique digital identifier known as a token. Tokenization will enable merchants to fast-track and collect payment seamlessly, enabling customers to check out faster in-store, in-app and online.

In addition, Card Fusion is a web-based instant card issuance platform that enables banks to conclude new card production requests and issue cards within a very short time, thus enhancing their customers’ experience while customers get to personalize their cards instantly.

Interswitch is one of Africa’s largest electronic payments and infrastructure companies and services providing online banking system offerings in areas like point-of-sale terminals, online consumer payment platforms, Quickteller, and Verve, the biggest domestic debit card scheme in Africa, issuing over 35 million active cards since launch.

Continue Reading

Latest News on Business Post

Like Our Facebook Page

%d bloggers like this: