South Africa

The Protection of Personal Information Act (POPIA) is the first comprehensive data protection law of South Africa. Its main purpose is to protect personal information processed by public and private organizations, specify the conditions and minimum requirements for personal information processing, and protect the rights of data subjects. For details, refer to the original POPIA text.

HUAWEI CLOUD Compliance with South Africa POPIA shares Huawei Cloud's experience and best practices in privacy protection with you to help you comply with South Africa POPIA requirements.

South Africa has given two independent regulatory authorities to regulate the financial sector:

● The Prudential Authority (PA) is an independent institution established within the management framework of the South African Reserve Bank (SARB). The PA is responsible for the prudential supervision of South African financial institutions. Its work is focused on maintaining and strengthening the financial security and soundness of financial institutions and ensuring financial customers are protected from the consequences of a failure of financial institutions to fulfil their obligations.

● The Financial Sector Conduct Authority (FSCA) is responsible for improving financial market efficiency and integrity, protecting financial customers, and promoting fair treatment for financial customers.

The PA has issued relevant directives and guidelines to for prudential supervision of South African financial institutions, insurance companies, and cooperative financial institutions.

● D3/2018: Cloud Computing and the Offshoring of Data stipulates how financial institutions must be regulated if they choose cloud computing or offshoring of data management. This directive should be considered together with the "G5/2018".

● G5/2018: Cloud Computing and the Offshoring of Data is a guide for the "D3/2018" and should be considered together with the "D3/2018".

● G5/2014: Outsourcing of Functions within Banks explains the potential risks arising from the selection of outsourcing service providers by financial institutions, and provides guidelines for evaluating outsourcing-related risk, and the elements of an appropriate risk management program.

● G4/2017: Cyber Resilience establishes management requirements for the network resilience of financial institutions, emphasizing the importance of security and effective operations to financial stability and economic growth.

FSCA has issued Directive 159.A.i to regulate the outsourcing management of financial institutions.

It is a legislative requirement for outsourcing management of insurance companies (including reinsurance companies). Regardless of whether the insurance company is located in South Africa, or any subsidiary of the insurance company, it shall comply with this directive.

HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines in South Africa describes how Huawei Cloud will help you meet the regulatory requirements of the financial industry in South Africa.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud. For example, if a financial institution is involved in cloud computing or data offshoring, it has to comply with "D3/2018" Cloud Computing and Data Offshoring released by the PA.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.