As a trusted SaaS payments systems company, we give our clients the ability to offer end users valuable services. Often that requires accessing customers’ personal information in the cloud. For example, for a customer to take up a financial product that one of our retail clients provides, we need to verify their identity and banking details by comparing those details with information stored in another bank’s database. Among some of the details stored there may be sensitive information like bank account numbers, addresses, phone numbers and more.
POPIA… aims to protect South Africans’ right to privacy, as enshrined in section 14 of our Constitution.
At Electrum, we take accessing sensitive, personal information very seriously, which is why we support recent legislation at home and abroad to protect it. POPIA, the Protection of Personal Information Act (no. 4 of 2013), aims to protect South Africans’ right to privacy, as enshrined in section 14 of our Constitution. While the provisions of this act aren’t in force yet, we already comply with those that regulate the processing of personal information.
In accordance with POPIA’s provisions, we endeavor to only collect personal information for a specific purpose, and only directly from customer (the ‘data subject’), unless that information is already in the public record or we have the customer’s consent to collect it from another source. The data subject must be aware of the purpose of collection, and we won’t retain personal information for longer than it’s required.
In addition, whatever information we do collect, we ensure that it’s complete, accurate, not misleading and up to date. Finally, thanks to top-notch security management systems, we do all we can to safeguard against loss, destruction or unlawful access of personal information.
… fully compliant with the provisions of EU data protection laws.
Electrum is also in the process of becoming compliant with the provisions of the European Union’s GDPR (General Data Protection Regulation). The EU’s privacy and data protection law came into effect on 25 May 2018, and applies to Electrum should we process the data of citizens and temporary residents of EU member state, or offer goods or services in the EU.
While POPIA and the GDPR have similar definitions, conditions and principles, the GDPR is far more extensive. The European legislation encourages the use of certification schemes like ISO 27001, the international standard for establishing, implementing and continually improving information security management systems. We’ve already embarked on the process of attaining ISO 27001 and we’re confident that should any data we process fall within the ambit of the GDPR, we’ll be fully compliant with the provisions of EU data protection laws.
…Electrum has been proactive in ensuring our information security is up to international standards
The consequences of weak protection of personal information are very serious indeed. Identity theft, theft of funds electronically and infringements on privacy are some of the frightening results of customers’ data falling into the wrong hands. And for our clients, data protection is a responsibility they take very seriously, both for the wellbeing of their customers and their own reputations.
That’s why Electrum has been proactive in ensuring our information security is up to international standards. With millions of transactions flowing through our systems every day, our clients can rest assured that whatever information is processed on behalf of their customers, it’s treated with the necessary care and respect to protect everyone’s privacy.
If your business could benefit from Electrum’s secure services, speak to us today.