Data protection: SA companies need to take a global stance

With the implementation of the EU’s data protection laws just around the corner, local entities need to study up on how it could affect them.

D-day for implementation of the European Union’s (EU) General Data Protection Regulation (GDPR) is just three months away – and South African organisations are by no means off the hook.

If you are a South African entity that handles individuals’ personal data, you will be acutely aware of our country’s data protection law – the Protection of Personal Information (POPI) Act – but have you considered how the looming GDPR affects the way you manage clients’ personal information?

The fact of the matter is, if you are a locally-based business that offers goods or services to EU customers, you also deal with personal information or data relating to EU citizens – and you are just as responsible for complying with the GDPR as any EU business.

Leon van der Merwe, head of digital at customer communication firm PBSA, points out that any entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

GDPR vs POPI

Van der Merwe says it is crucially important for local companies with dealings abroad to do their homework and familiarise themselves with the GDPR’s ground rules. “Companies could be fined heavily under GDPR regulations if they fail to provide evidentiary and auditable processes, as well as adequate IT security, to protect personal data.”

The GDPR is a regulation born out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection for EU citizens.

Non-compliance with the GDPR comes with a hefty fine of up to €20 million (about R290 million) – or 4% of annual sales.

Similar to SA’s POPI Act, the GDPR is all about data protection. Data includes things like a person’s name, email address and phone number, as well as information collected by website cookies like internet browsing habits.

Breaching rules laid out in the POPI Act comes with a R10 million fine and/or a jail sentence.

Van der Merwe summarises the parallels between the two data-protection directives: “POPI and GDPR are similar, in that they both aim to strengthen the protection of personal information. They differ in their approach, in that the GDPR takes a wider, more global perspective that includes anyone, anywhere either controlling or processing – or both – data relating to EU citizens.”

Auditable business processes

A big part of compliance, when it comes to both the POPI Act and the GDPR, specifically involves audit trails – something PBSA’s digital signature and workflow product, SignFlow, is heavily centred on.

For evidentiary purposes and in order for any company to assert GDPR compliance, the automated management of an audit trail is imperative.

Van der Merwe says SignFlow can assist customers in their strategy to automate and digitise processes in a responsible and compliant manner. “Business Process Automation is at the forefront of our technology development at SignFlow, including tools like DocFlow, CaseFlow and our digital customer on-boarding tools.”

At the core of SignFlow, he says, is Public Key Infrastructure (PKI). “PKI manages users’ private keys, and signs and secures documents using Public Key Cryptography. Not only does this make documents tamper-evident after they’ve been signed, but the entire operation is conducted in a secure network over encrypted secure socket layers between the public, personal devices and private servers.”

Unlike paper files and systems managing email attachments, this portal fully controls and audits the workflow and communication channels between interacting parties. “This greatly reduces the risk of data leaks,” says van der Merwe.

“The system enhances non-repudiation, creating a digital trail of undeniable events that prove intent and identity.”

With GDPR set to come into effect on 25 May 2018, and the high stakes attached to non-compliance, South African companies simply cannot afford not to take a global view on data protection. “The protection of personal information goes far beyond just the POPI Act for local companies dealing with international customers,” says van der Merwe.

 

SignFlow ties up with Accfin to digitise accounting processes

The integration of two state-of-the-art software platforms transports the accounting profession into a new world of digitisation.

Digital signature workflow solution SignFlow and accounting software firm Accfin have integrated their respective software platforms, in a move that places the accounting profession securely in a new and exciting world of digitisation.

Accfin, a local software firm leading the way in automation of back-office systems for accounting and auditing companies, grew out of an accounting firm over 20 years ago. The recent tie-up with SignFlow – a locally developed and internationally recognised digital signature solution – essentially automates the entire communication process involved in the accounting practice.

Leon van der Merwe, head of digital at SignFlow parent company PBSA, explains, “By using the SignFlow feature in Accfin software, you eliminate the need for print, courier and e-mailing of sensitive documents to customers – and then having to wait days, even weeks for a response.

“SignFlow is built on a powerful, digital workflow engine that tracks progress and instils accountability and auditability. Apart from the obvious environmental advantages the solution offers, the value of saving time through increased efficiency, is most valuable to accountants, who work under tremendous time pressure.”

Accfin MD Mark Silberman says the integration with SignFlow “changes the state of play” in the accounting market place. “It automates the communication process. Our software allows accounting firms to communicate with their clients. The integration of SignFlow with [Accfin’s] Sky Software allows the customers of the accountant to authorise the filing of tax returns and approve company resolutions.”

Accfin, which strives to provide state-of-the-art back office systems to South African accounting firms, currently provides automation software across the sector – from large international firms, to small sole practitioners.

Van der Merwe says SignFlow is proud to be associated with Accfin Software – a company that is “definitely leading the way in automating back office systems for accounting and auditing firms”.

“SignFlow is fast becoming the most trusted digital signature workflow solution in South Africa, especially within the auditing and financial sectors,” concludes Van der Merwe.

Draftworx, SignFlow integration yields SA first

A recent partnership between the two software platforms brings a cutting-edge automation solution to the accounting and auditing industry.

In a move that has seen the birth of cutting-edge technology – the first of its kind in South Africa – SignFlow has partnered with Draftworx, addressing a critical need identified among auditors and corporate companies that draft financial statements.

Draftworx provides automated drafting and working paper financial software to more than 2 500 accounting and auditing firms. The company went to market six and a half years ago, bringing the industry easy-to-learn and easy-to-use automation software, which allows accountants and auditors to generate International Financial Reporting Standards (IFRS)/IFRS SME compliant financial statements and ISA audit, review, and compilation engagement compliance.

According to Leon van der Merwe, head of digital at SignFlow parent company PBSA, the integration between the two software platforms came about when a massive need among auditors and corporates that prepare their own financial statements was identified – that of automating and digitising the process of getting financial statements and engagement documents signed off by company directors.

“Auditors can now automate and digitise their document delivery processes using the DigiSign module in the Draftworx platform to distribute documents electronically for customers to sign, using legally binding SignFlow digital signatures. The distribution and signing process is completely digital and auditable, entirely removing the need to print, scan and deliver paper-based financial statements and engagement contracts.”

Draftworx CEO Earl Steyn says the company, which aims to be in the cloud by year-end, sees SignFlow becoming one of its core technologies and marketing advantages. “Accountants and auditors can reduce time wastage – as well as waiting periods – by having their clients sign all their documentation offsite and at their leisure.”

Steyn adds his experience with SignFlow – a locally developed and internationally recognised digital signature and workflow solution – has been “phenomenal”. He says the team pays attention to detail and is willing to customise SignFlow to Draftworx and its clients’ requirements.

Van der Merwe says the SignFlow team is proud to be associated with Draftworx software, “which is leading the way in IFRS/IFRS SME compliant financial statements and ISA audit software in South Africa and across Africa”.

ACS partnership bolsters digital certificate security

SignFlow has teamed up with Altech Card Solutions to offer Thales hardware security modules to its digital signature customers.

In a move that will see users’ private keys and personal digital certificates receiving a serious security boost, SignFlow has partnered with Altech Card Solutions (ACS), a division of Altron TMT, to offer Thales HSMs (hardware security modules) to digital signature customers.

Through its PKCS#11 cryptographic interface, SignFlow uses Thales NShield Connect HSMs to perform highly specialised cryptographic operations, and to fully manage and secure private keys and personal digital certificates.

Head of digital at SignFlow’s parent company PBSA, Leon van der Merwe, says the partnership with ACS sees SignFlow extending its integration reach to include the Thales NShield range of network-attached, FIPS 140-2 Level 3 HSMs.

“Apart from deploying the NShield devices in the highly-secure SignFlow Cloud, we now also offer the NShield range to corporate customers who would like to localise and manage their SignFlow private keys in private data centres.”

The SignFlow HSMs are directly integrated with multiple local and global certificate authorities (CAs) to offer stringent, legally compliant Advanced Electronic Signatures (AES), Qualified Electronic Signatures (QES) and Adobe Approved Trust List (AATL) certificates, which are applied to documents through its digital signature application.

A division of Altron TMT (Pty) Ltd, ACS was formed in 1993 and is today firmly established as a leading player in the secure electronic transactions market.

It is Thales’ established track record in the payments security space and global footprint in hardware and software encryption solutions that makes this partnership so advantageous, says ACS.

SignFlow, an enterprise-class digital signature and document workflow application, was born in a digital era that has seen new business opportunities emerging as paper-based systems are replaced by digital platforms.

SignFlow digital signatures are powered by robust public-key infrastructure (PKI) technology, which is recognised as best practice for ensuring digital accountability. SignFlow digital signatures offer an effective, secure and legally compliant method of providing accountability during electronic transactions.

“Our partnership with ACS will benefit customers across the spectrum – including consumers using SignFlow’s SignFREE to sign documents, businesses using the SignFlow Cloud to distribute documents and government and corporate institutions using SignFlow’s Enterprise Hybrid Servers and Private Network Servers to digitally sign and workflow documents for sign-offs,” says Van der Merwe.

Goodbye ink, hello digital signatures

With the business world turning increasingly to digitally signed documents, the hand-written signature is on its last legs.

With more businesses and entities than ever before turning to digitally signed documents to solve security issues and improve logistics, the value and lifespan of the hand-written signature has come under serious scrutiny.

While there is a certain sentimentality – perhaps an emotional attachment bred at school level – still attached to an individual’s unique autograph, there are overarching ideals that suggest a future without it.

In fact the hand-written or ink signature has, in recent times, been likened to landline telephones and typewriters – age-old tools that, beyond their nostalgic appeal, are on their death bed. In the corporate world, which is increasingly aspiring towards a paperless future, pen-and-paper signing has been dubbed the enemy.

Leon van der Merwe, head of digital at PBSA and co-founder of South African based digital signature solution SignFlow, believes the hand-written signature’s time is slowly but surely coming to an end. “Ink signatures have been a part of human culture for aeons and, for their time, they had their place. But with today’s technology, there is no reason for us to hang on to something that, for all intents and purposes, is about as dependable as a fake Facebook profile.”

Ink signature snags

Van der Merwe points out the biggest problem with hand-written signatures is that they can easily be forged. “There are a number of ways in which digital signatures trump hand-written ones, but the most significant and compelling feature of digital above ink is that of security.

“Digital signatures use a cryptographic operation that creates a hash-code, which is unique to both the signer and the content. It cannot be copied, forged or tampered with. The whole process provides irrefutable proof of the signer’s identity, protects the data integrity of the document and provides non-repudiation of signed documents.”

Apart from ink signatures being prone to forgery, a general attitude of inattentiveness has crept in over the years, making them quite literally a joke. This is most applicable when it comes to transaction authorisation.

“When last did you notice a waiter or retail clerk checking the signature you pen on the receipt? And do you always sign legibly and consistently?” asks Van der Merwe.

As far back as 2001, Internet humourist John Hargrave experimented with this notion in a credit card prank in which he forged outlandish signatures on receipts. He reportedly signed receipts with, among others, “Mariah Carey”, “Beethoven” and “I stole this card”. Hargrave even signed in hieroglyphics. None of the merchants noticed. (Hargrave recounts his famous Credit Card Prank in his 2007 book, Prank the Monkey.)

‘Sign here’ has been replaced with ‘Click here’

Former US president Bill Clinton lent credence to the solidity of signing digitally in 2000, when he signed the first US bill into law electronically.

Renowned American business magazine, Forbes, begins its article on Clinton’s watershed signing with the line, “‘Sign here’ has just been replaced with ‘click here’.”

Another turning point in the life of the digital signature took place earlier this year, in July, when the European Union effected new guidelines for electronic signatures, giving them the same legal power as hand-written signatures.

“The benefits of employing digital business processes far outweigh the paper-reliant processes of days gone by and it’s only a matter of time before digital signatures take over from their expiring ink-on-paper counterparts,” says Van der Merwe.

Not only are digital signatures undeniably more secure and unable to be forged, he concludes, they are legally sound. “Importantly, they also create a digital audit trail and they don’t rely on filing, printing, scanning or back-and-forth emailing – paper-based processes that cost companies profoundly, in terms of both time and money.”

Credit vetting – an essential key to SME success

For SMEs, sound risk management via credit vetting is not only advisable, it is absolutely essential.

Wasting precious time and resources chasing down debtors for money is not only undesirable for any business, it can be downright destructive. The good news is, there is a way to avoid this – and it is inexpensive and painless. Two words: credit check.

If you are in business, you will know that cash flow is king. This is especially true in the small to medium enterprise (SME) environment, where finances are particularly tight. Clients that default on payments can – and inevitably do – seriously jeopardise the success of your company.

A foolproof way to protect your business – and ultimately boost its financial fitness – is through consistent credit vetting.

Credit vetting is simply the process of affirming the credit worthiness of customers in terms of financials. Checking the credit status of your clients greatly minimises uncertainty around whether your invoices will be paid, as it provides an overview of their credit rating and reveals whether there are any judgements against them, or whether they have defaulted on payments in the past.

Simple step towards success

According to Leon van der Merwe, senior business development manager at customer communications firm PBSA, the percentage of small businesses simply overlooking this critical process is staggering.

“Simply taking the steps to check the credit status of companies and directors before doing business with them is straightforward, very affordable and it could make all the difference.”

A detailed credit application document with the correct capture information, credit vetting consent and related terms of agreement will protect the financial wellbeing of your organisation, he adds.

All of this can be easily accessed via pbVerify, a PBSA product that offers a user-friendly online credit vetting service. Specifically for small to medium sized businesses, pbVerify is connected to all major credit bureaux and credit data providers and is credible and accurate.

“Neglecting this crucial step towards managing a successful business can cost you profoundly. Having an overview of the credit worthiness of potential customers, on the other hand, will help you make better decisions, in turn saving you time, trouble and money,” concludes Van der Merwe.

For a comprehensive view of all pbVerify’s vetting solutions, please visit www.pbverify.co.za

Tackling security in an IoT world

Published by EE Publishers on 20 September 2016

The internet of things is here – and it is bigger than we could have imagined. Is your business ready?

The internet of things (IoT) is undeniably one of this century’s biggest phenomena in terms of ubiquitous impact and, while the implications associated with this technological wave are varied, one of the most crucial – if not the most crucial of these – centres around security.

Type the words “IoT and…” into your Google search engine bar, and one of the first phrases that comes up in the dropdown menu is “IoT and security”, says Leon van der Merwe, head of digital at customer communications firm PBSA. Security is a huge concern for businesses when it comes to this emerging network of connected things. Even with the strides made in cultivating a secure internet, this vast entity is just not 100% secure.

By nature, he says, the internet is arguably impossible to fully secure – and is becoming considerably more complex as the human race starts connecting everyday hardware devices. “We are basically building an internet of any and everything.”

And, contrary to common belief, South Africa is not playing catch-up to such an extent that local businesses need not be concerned. The IoT may not be as mainstream in South Africa as it is in other, developed countries, but it is fast heading that way. Any business that even remotely values its security would be making a grave mistake by not heeding the red flags inherent in the IoT.

In fact, according to a recent International Data Corporation (IDC) report – The Internet of Things in Africa – the market for connected devices in the country will account for $2-billion of the global total value ($1,7-trillion) by 2020. As for the continent as a whole, the research firm says Africa is likely to house around one billion connected devices by the turn of the decade.

A 2015 survey revealed that 33% of South African enterprises are planning major and/or significant investment in IoT over the next three years.

Unprecedented power

We know the IoT is set to explode – globally and on our own doorstep – but we must also consider, when taking security measures, the immense power this thing denoting a connected future holds.

The World Economic Forum (WEF) designates the IoT part of the “Fourth Industrial Revolution” – an era of technological advancement characterised by ubiquitous, mobile supercomputing. Klaus Schwab, founder and executive chairman of the WEF, says the possibilities of billions of people connected by mobile devices, with unprecedented processing power, storage capacity, and access to knowledge, are unlimited.

These possibilities will be multiplied by emerging technology breakthroughs in fields such as artificial intelligence, robotics, the IoT, autonomous vehicles, 3D printing, nanotechnology, biotechnology, materials science, energy storage, and quantum computing.

Given the enormous impact the IoT will have on businesses’ security, Van der Merwe believes local companies need to take security far more seriously. Many of the larger, security-conscious organisations take their security very seriously, but they don’t necessarily have the right strategies in place. When it comes to the so-called midstream businesses in South Africa, these generally have very poorly managed security policies, if any.

Access management

But where does one start when it comes to tackling this giant, looming phenomenon? At ground level, at one of the very core aspects of your connected devices – accessibility.

One of the products PBSA’s software arm, pbDigital, advocates is identity and access management (IAM). IAM outsources all security requirements to run on the latest international identity and access management on one centralised solution.

Contact Leon van der Merwe, PBSA, Tel 011 516-9459, leon@pbsa.co.za