Regulation is crucial for cloud migration and data centre operations, but in excess, it can stifle innovation, says Zwakele Mbanjwa, data and tech lawyer at Michalsons.
Speaking to ITWeb on the sidelines of the ITWeb Cloud and Data Summit 2024, held recently in Johannesburg, Mbanjwa commented on the significance of the National Policy on Cloud and Data and how it strengthens cyber security posture.
“When you think about it in the broader context of this National Data and Cloud Policy, it sets the tone for how South Africa intends to approach its digital economy, specifically viewing data and cloud as enablers of this economy,” Mbanjwa said.
He added that the policy provides a framework to help South Africa leverage data to drive digital transformation and address challenges such as economic inequality, unemployment, service delivery, and infrastructure constraints.
Mbanjwa highlighted four main aspects of the policy that will impact business operations: data localisation and sovereignty, privacy and cyber security considerations, cross-border data considerations, and infrastructure.
The policy addresses how different types of data need to either stay within the country, or be processed under South African law when transferred abroad, he explained. The second major component involves privacy and cyber security considerations—a standard concern, especially given the focus on data protection that we’ve had since the introduction of POPIA locally and GDPR more broadly.
“What is exciting is the guidance we are anticipating from the industry regulator around cross-border data transfer and I think that’s going to make the idea of moving information – particularly personal information – from one place to another, a bit more clear.”
The need for a comprehensive policy to protect data, ensure local control over critical information, and support the digital economy led to the establishment of the policy in May 2024. It was introduced to create a secure and compliant data environment while fostering growth in cloud services.
Mbanjwa noted that the policy is part of an open data initiative, granting access to non-sensitive government data and promoting innovation through data analytics and AI.
Although the policy is not law, it organises concepts like data sovereignty and data localisation into a document applicable to both public and private sectors.
Share