Please use this identifier to cite or link to this item:
DC FieldValueLanguage
dc.contributor.advisorRuhode, Ephias, Profen_US
dc.contributor.advisorHarpur, Patricia, Dren_US
dc.contributor.authorTheys, Marvin Walteren_US
dc.descriptionThesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2020en_US
dc.description.abstractThis study explores the challenges relating to protection of personal information (POPI) compliance within a small software development company. The aim of study is to uncover these challenges and provide guidelines that could assist other small software development companies. Fines of up to ten million rands could be imposed on companies that do not comply. The researcher’s experience as a software developer and as an information technology manager, coupled with preliminary studies, revealed that companies have not yet started to prepare for when the Protection of Personal Information Act, No. 4 of 2013 (POPIA) comes into full effect. A review of pertinent literature had themes Consent, Data Officers, Deletion of Personal Information, Policies, and Technical Measures emerge. Consequently, the following research question was formulated, “What implementation guidelines should be considered by SMEs to promote compliance with POPIA?” Two sub-research questions were required to answer the main question. These are Sub-Question 1, “What are current challenges that small and medium enterprises (SMEs) could face when implementing POPIA compliance?” and Sub-Question 2, “How can POPIA compliance implementation challenges be met?” To answer the research questions, the following research design and method were used. A multi-method design was used in an exploratory case study. The methods used in the study incorporate interviews and surveys. Findings suggest that companies will have challenges relating to POPIA compliance. Recommendations include that companies review existing legislative requirements and ascertain if POPIA impacts them in any way, and that staff should receive training on cyber security in the workplace. Furthermore, companies should secure information technology infrastructure, including any software and data, and should have frequent penetration tests conducted by an independent organisation. In addition, company policies should include protection of personal information. Lastly, information technology teams should identify and document threats that could compromise personal information. The study found that POPIA impacts companies subjectively and therefore a recommendation for future research is that similar studies be conducted in various companies to determine the impact POPIA compliance will have. Furthermore, the possibility of an independent body that issues POPIA compliance certificates should be researched.en_US
dc.publisherCape Peninsula University of Technologyen_US
dc.subjectSouth Africa. Protection of Personal Information Act, 2013en_US
dc.subjectPrivacy, Right of -- South Africaen_US
dc.subject.otherData protection -- Law and legislation -- South Africaen_US
dc.titleExploring compliance with the protection of Personal Information Act : implementation considerations in small software development companies in South Africaen_US
Appears in Collections:Information Technology - Master's Degree
Files in This Item:
File Description SizeFormat 
Theys_Marvin_210184043.pdf3.88 MBAdobe PDFView/Open
Show simple item record

Google ScholarTM


Items in Digital Knowledge are protected by copyright, with all rights reserved, unless otherwise indicated.