CyberScape Africa Magazine Q2 2019 | Page 34

CYBER SCAPE AFRICA | Q2 The most important fact that am really proud of, is that Benin has established and applied « le code du numérique » (The Digital Code), with all legal requirements, rules, clauses and sanctions - on April, 2018. Data privacy, e-commerce, services providers, cybercriminality and cybersecurity, e-signature, network and services, are severals parts of The Digital Code. 2019 Can Africa achieve a “GDPR for Africa” framework with global effects? What would be the upsides of such a framework/ Yes, Africa can definitively have its own data privacy law. We have so much frameworks and examples to work with. This legal base is very important for the evolution of the digital ecosystem in Benin. Though I think they made an amazing job with that, but it can surely be improved. I sincerely hope they will implement all the processes and make available all the resources needed to assure that the law is applied. A law is useless, if sanctions are not given. The upsides will be the same as the one for GDPR, but focus on African residents and citizens. It‘s important for us, and for our humans rights as Africans, to have our personal life and our private information protected, secured like for the others citizens of the world. I don’t think it’s fair for a company to dispose of Africans & Africa residents private information without being sanctioned, the same way it is for Europeans citizens. Unfortunately, there is no national information security and cybersecurity strategy and plan. But I must admit that the government is shaking the digital ecosystem in Benin, I know in Benin, we are committed to building the best and most innovative digital ecosystem in West Africa, that is actually one of the promise of our president, His excellency Mr Patrice Talon. The only challenge I can think of, is the same problem we have in most things in Africa, coming together and making something happen for Africa. Unfortunately, to design and apply a general data privacy regulation for Africa, every nation across Africa must be committed and involved. You are an avid advocate for and a seasoned pro in data privacy and protection. What are your thoughts on the GDPR implications on Africa. GPDR is impacting European companies in Africa. But, from my point of view, African companies dealing with European citizens private data are still no bothered. For instance, how many African websites have a data privacy policy published? How many of them, give the rights to the visitors to give their consent to cookies or others information they collect? GDPR sanctions will be applied to African companies for sure, and it will obviously be a disaster for our economies. I urge every Africans companies, doing business with European residents to be compliant to GDPR. Even if you are a start-up, and you’re selling products or services on a web platform, and you’re collecting informations like name, address and obviously credits cards, from European residents, you need to be GDPR compliant. Being compliant to GDPR is not a big deal if you’re not collecting sensible private data, like religion, marital status, sexual orientation, medical information, etc. A quick one - do you think CISOs should be part of the “big boys” – the board? I need not think about this. It’s obvious. We won’t ask ourselves if a marketing manager or a financial risk manager should be part of the board, right? We are in a new era totally based on digitalisation. We are already talking about the 4th industrial revolution, cyberwar, cyberactivism, cyberterrorism,etc. The economy is based on the abilities of companies to protect and secure information. If the top management of the company don’t take seriously the importance of information and cybersecurity, they are surely not going to make it in this digital era. What are the fears of top level management regarding cybersecurity and how can they be allayed. It really depends on the risk appetite of the top level management - what they consider as high risk or residual risk.