Cybersecurity Parabellum
Transcript of Cybersecurity Parabellum
Dr Martin Koyabe
Head of Technical Support & Consultancy (CTO)
Cybersecurity Parabellum
Data Protection and Privacy
C3SA | GCSCC | OCSC Constellation Online Webinar
Date: 16 February 2020
© Commonwealth Telecommunications Organisation
Data Protection and Privacy Legislation
• Global Status
– Africa and Asia remain at nearly 52% of countries having established legislation
Data Protection and Privacy Legislation
• Africa (54 Countries)
– 28 Countries have legislation (52%)
– 9 Countries have draft legislation (17%)
– 13 Countries have no legislation (24%)
– 4 Countries no information (7%)
Data Protection & Privacy | Introduction [1/2]
• What is Personal Data?
Personal data: “Any information about a living individual which is capable of identifying that individual.”
Sensitive personal data: “Any information relating to an individual's racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, alleged or actual criminal activity and criminal record.”
Data Protection & Privacy | Introduction [2/2]
• What is Data Protection?
Data Protection: “It is about avoiding harm to individuals by misusing or mismanaging their personal data”
• When does Data Protection law/act apply?
If you collect, use, or store personal data then the Data Protection Act or Law applies to you.
Steps towards Data Protection & Privacy
• The following 12 tenets MUST be included in the Data Protection & Privacy Law
Why General Data Protection Regulation (GDPR)?
Provides more RIGHTS to Individuals:
• Giving Data Subjects more control
• Making Data Controllers/Processors more accountable
• Making personal data processing more transparent
• Reducing personal data security vulnerabilities
• Co-operation between Supervisory Authorities on cross-border processing
GDPR Compliance | Implications to SSA countries
What’s new in GDPR:
• Accountability – demonstrating compliance
• Transparency – providing information pre-processing
• Risk-based mandatory data breach reporting (72 hours)
• New and enhanced Data Subject rights
• Administrative Fines
• Data Protection Officer (DPO) for certain organisations
GDPR-Like Data Privacy Laws [1/2]
• Lei Geral de Proteção de Dados (LGPD) (Sep 2020)
• Australia’s Privacy Act (Feb 2018)
• California Consumer Privacy Act (CCPA)
• Act on Protection of Personal Information (May 2017)
• Personal Information Protection Act (PIPA) (Sep 2011)
• Personal Data Protection Act (PDPA) (May 2020)
GDPR-Like Data Privacy Laws [2/2]
• Data Protection Bill – Chile’s Constitution (Mar 2020)
• New Zealand's Privacy Act (Dec 2020)
• Personal Data Protection Law (PDPL)
• Protection of Personal Information Act (POPIA) (Jul 2020)
• Personal Data Protection Bill (PDPB) (Dec 2019)
• Digital Charter Implementation Act (Nov 2020)
Data Protection | Convention 108/108+
• Only 5 African Countries Ratified (Con 108)
– Cape Verde
– Mauritius: Ratified (Convention 108+)
– Morocco
– Senegal
– Tunisia
Other Related Conventions
• SADC Model Law (2010)
• Malabo Convention
• ECOWAS Personal Data Protection (2010)
• EAC Framework for Cyberlaws (2008)
GDPR Compliance Challenges in SSA [1/5]
• Nearly half of the countries lack comprehensive data protection laws
• Africa (54 Countries)
– 28 Countries have legislation (52%)
– 9 Countries have draft legislation (17%)
– 13 Countries have no legislation (24%)
– 4 Countries no information (7%)
GDPR Compliance Challenges in SSA [2/5]
• Implementation is not easy
– Conflict between existing Data Protection Laws and GDPR demands.
GDPR Compliance Challenges in SSA [3/5]
• Lack of adequate resources
– Challenges in funding, resource allocation, poorly skilled staff and inadequate infrastructure.
• Lack of harmonisation across initiatives
– Need for cross-border flow of data across African countries that supports emerging initiatives, such as the Africa Continental Free Trade Area (AfCFTA).
GDPR Compliance Challenges in SSA [4/5]
• Enforcement limitation within SSA jurisdictions
– Data protection authorities are not issuing enough legal sanctions, and those issued are not punitive enough to deter future violations.
• Balance between individual data subject rights & public interest or national security
– Many governments are deploying surveillance technologies that trump individual rights.
– COVID-19 challenges in terms of contact tracing technology etc.
GDPR Compliance Challenges in SSA [5/5]
• Technological innovations moving faster than enacted policies and laws
– E.g. Use of Artificial Intelligence (AI) to undertake data processing and decision making. Dealing with new technologies engaged in automated decision making remains a challenge.
• Political WILL is critical
– Leaders MUST champion adherence to the RULE OF LAW and the HUMAN RIGHT of individuals to personal data protection.
Further Information Contact:
Dr Martin Koyabe
Email: [email protected]
Tel: +44 (0) 208 600 3815 (Off)
+44 (0) 774 261 0688 (Mob)
Q & A Session