Writing and Blog

A collection of my writing, musings, and opinion pieces. Please check back for updates!

Hire Ross

Ross is available for technical and other writing.

Should you be interested, please get in touch!

Assessing POPIA/GDPR compliance for your own SaaS offering

As a Software-as-a-Service (SaaS) provider, you will often be what is known as an “Operator” (POPIA) or “Processor” (GDPR) in privacy legislation. While you do not hold the lion’s share of responsibility for compliance, there are some obligations that you have towards your clients. Whether you are a B2B platform or a B2C platform, there are measures you need to take to ensure that your clients and consumers are protected from a security and compliance point of view.

Are you ready for a POPIA deletion request?

POPIA has been in motion for a while, but now that we’re in the grace period, I’m seeing many more Data Subject Access Requests (DSARs) at my clients. These rights allow for the deletion of a subject’s personal data on request (among others). While simple on the surface, it goes a lot deeper and is quite tricky.

Not all privacy laws are equal: managed services challenges

Within the software space, it is often the case that you will transfer data across borders (whether you know it or not). A transfer is not necessarily as blunt as taking a file from location A and transferring it to location B. Accessing file A from location B is in fact still a data transfer.

How to configure ProjectSend on a Raspberry Pi (or Ubuntu)

A few weeks ago I posted an article on ProjectSend, which is a great alternative to FTPS / SFTP when it comes to transferring files to and from your clients. Today, I’ll be doing a bit of a technical post that you can pass on to your IT team in order to set up your own ProjectSend server.

Practical Privacy Live Training – Awareness Builds Culture

I have mentioned before in a few posts that compliance with privacy legislation should be more of a company-culture exercise than a compliance checklist. A privacy-aware culture is one that can, to a degree, manage itself, with staff members helping each other out as far as privacy is concerned, as opposed to relying on internal audit and a retrospective approach.

The What and Why of Data Protection Management Reviews

In keeping with the ongoing practice of privacy compliance, you need to perform management reviews of your programme. While the acts and regulations are not necessarily explicit about conducting a management review, they do mention that the Information Officer needs to maintain a programme or framework, and part of this is ongoing review of activities.

Struggling with POPIA? Turn to your Dev team

As a software company, there are many components to consider in your Privacy Programme. Kicking off a privacy programme in a software company is adding more overhead to an already lean process, so how do you go about incorporating it in a familiar way? By releasing and managing your privacy programme the way you manage your SDLC.

10 Myths About Your GDPR/POPIA Privacy Programme

The last few weeks have seen the privacy industry heating up here in SA, what with the introduction of POPIA. In these weeks, I’ve seen a lot of advice dispensed by non-specialists in the privacy field; some of it is valuable, but a lot of it is dangerous. This week’s post is a listing of the top 10 myths I see in advisory work and in questions from clients and workshop attendees.