cybersecurity parabellum
TRANSCRIPT
![Page 1: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/1.jpg)
Dr Martin KoyabeHead of Technical Support & Consultancy (CTO)
Cybersecurity ParabellumData Protection and Privacy
C3SA | GCSCC | OCSC Constellation Online Webinar
Date: 16 February 2020
![Page 2: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/2.jpg)
© Commonwealth Telecommunications Organisation
• Global Status– Africa and Asia remain with nearly 52% of countries have
established legislations
Data Protection and Privacy Legislation
![Page 3: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/3.jpg)
© Commonwealth Telecommunications Organisation
• Africa (54 Countries)– 28 Countries have
legislation (52%)– 9 Countries have draft
legislation (17%)– 13 Countries have no
legislation (24%)– 4 Countries no
information (7%)
Data Protection and Privacy Legislation
![Page 4: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/4.jpg)
© Commonwealth Telecommunications Organisation
• What is Personal Data?
Data Protection & Privacy | Introduction [1/2]
Personal data:“Any information about a living individual which is capable of identifying that individual.”
Sensitive personal data:“Any information relating to an individual's racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, alleged or actual criminal activity and criminal record.”
![Page 5: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/5.jpg)
© Commonwealth Telecommunications Organisation
• What is Data Protection?
Data Protection & Privacy | Introduction [2/2]
Data Protection:“It is about avoiding harm to individuals by misusing or mismanaging their personal data”
• When does Data Protection law/act apply?
If you collect, use, or store personal data then the Data Protection Act or Law applies to you.
![Page 6: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/6.jpg)
© Commonwealth Telecommunications Organisation 6
Steps towards Data Protection & Privacy
• The following 12 tenements MUST be included into the Data Protection & Privacy Law
![Page 7: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/7.jpg)
© Commonwealth Telecommunications Organisation
Why General Data Protection Regulation (GDPR)?
Provides more RIGHTS to Individuals:• Giving Data Subjects more control• Making Data Controllers/Processors more
accountable• Making personal data processing more
transparent• Reducing personal data security
vulnerabilities• Co-operation between Supervisory
Authorities on cross-border processing
![Page 8: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/8.jpg)
© Commonwealth Telecommunications Organisation
GDPR Compliance | Implications to SSA countries
What’s new in GDPR:• Accountability – demonstrating
compliance• Transparency – providing information
pre-processing• Risk-based mandatory data breach
reporting (72 hours) • New and enhanced Data Subject rights• Administrative Fines• Data Protection Officer (DPO) for certain
organisations
![Page 9: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/9.jpg)
© Commonwealth Telecommunications Organisation
GDPR-Like Data Privacy Laws [1/2]
• Lei Geral de Proteçao de Dados (LGPD) (Sep 2020)
• Australia’s Privacy Act (Feb 2018)
• California Consumer Privacy Act (CCPA)
• Act on Protection of Personal Information (May 2017)
• Personal Information Protection Act (PIPA) (Sep 2011)
• Personal Data Protection Act (PDPA) (May 2020)
![Page 10: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/10.jpg)
© Commonwealth Telecommunications Organisation
GDPR-Like Data Privacy Laws [2/2]
• Data Protection Bill – Chile’s Constitution (Mar 2020)
• New Zealand's Privacy Act (Dec 2020)
• Personal Data Protection Law (PDPL)
• Protection of Personal Information Act (POPIA) (Jul 2020)
• Personal Data Protection Bill (PDPB) (Dec 2019)
• Digital Charter Implementation Act (Nov 2020)
![Page 11: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/11.jpg)
© Commonwealth Telecommunications Organisation
• Only 5 African Countries Ratified (Con 108)
Data Protection | Convention 108/108+
Cape Verde
MauritiusRatified (Convention 108+)
Morocco Senegal
Tunisia
![Page 12: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/12.jpg)
© Commonwealth Telecommunications Organisation
• SADC Model Law (2010)
Other Related Conventions
• Malabo Convention
• ECOWASPersonal Data Protection (2010)
• EAC Framework for Cyberlaws (2008)
![Page 13: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/13.jpg)
© Commonwealth Telecommunications Organisation
• Nearly half of the countries lack comprehensive data protection laws
GDPR Compliance Challenges in SSA [1/5]
• Africa (54 Countries)– 28 Countries have
legislation (52%)– 9 Countries have
draft legislation (17%)– 13 Countries have no
legislation (24%)– 4 Countries no
information (7%)
![Page 14: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/14.jpg)
© Commonwealth Telecommunications Organisation
• Implementation is not easy– Conflict between existing Data Protection Laws and
GDPR demands.
GDPR Compliance Challenges in SSA [2/5]
![Page 15: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/15.jpg)
© Commonwealth Telecommunications Organisation
• Lack of adequate resources – Challenges in funding, resource allocation, poorly
skilled staff and inadequate infrastructure.
GDPR Compliance Challenges in SSA [2/5]
• Lack of harmonisation across initiatives– Need for cross border flow of data, across African
countries that supports emerging initiatives, such as Africa Continental Free Trade Area (AfCFTA).
![Page 16: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/16.jpg)
© Commonwealth Telecommunications Organisation
• Enforcement limitation within SSA jurisdictions– Data protection authorities are not issuing enough
legal sanctions and not punitive to deter future violations.
GDPR Compliance Challenges in SSA [4/5]
• Balance between individual data subject rights & public interest or national security– Many governments are deploying surveillance
technologies that trumps individual rights.– COVID-19 challenges in terms of contact tracing
technology etc.
![Page 17: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/17.jpg)
© Commonwealth Telecommunications Organisation
• Technological innovations moving faster than enacted policies and laws – E.g. Use of Artificial Intelligence (AI) to undertake
data processing and decision making. Dealing with new technologies engaged in automated decision making remains a challenge.
GDPR Compliance Challenges in SSA [5/5]
• Political WILL is critical– Leaders MUST champion adherence to the RULE
OF LAW and the HUMAN RIGHT of individuals to personal data protection.
![Page 18: Cybersecurity Parabellum](https://reader034.vdocuments.net/reader034/viewer/2022050313/626f6b4a5784c3701e274626/html5/thumbnails/18.jpg)
© Commonwealth Telecommunications Organisation
Further Information Contact:
Dr Martin KoyabeEmail: [email protected]
Tel: +44 (0) 208 600 3815 (Off)+44 (0) 774 261 0688 (Mob)
18
Q & A Session