CYBER SCAPE AFRICA | Q2
The most important fact that am really proud of,
is that Benin has established and applied « le
code du numérique » (The Digital Code), with all
legal requirements, rules, clauses and sanctions -
on April, 2018. Data privacy, e-commerce, services
providers, cybercriminality and cybersecurity,
e-signature, network and services, are severals
parts of The Digital Code.
2019
Can Africa achieve a “GDPR for Africa”
framework with global effects? What would
be the upsides of such a framework/
Yes, Africa can definitively have its own data
privacy law. We have so much frameworks and
examples to work with.
This legal base is very important for the evolution
of the digital ecosystem in Benin. Though I think
they made an amazing job with that, but it can
surely be improved. I sincerely hope they will
implement all the processes and make available
all the resources needed to assure that the law is
applied. A law is useless, if sanctions are not
given. The upsides will be the same as the one for GDPR,
but focus on African residents and citizens. It‘s
important for us, and for our humans rights as
Africans, to have our personal life and our private
information protected, secured like for the others
citizens of the world. I don’t think it’s fair for a
company to dispose of Africans & Africa residents
private information without being sanctioned,
the same way it is for Europeans citizens.
Unfortunately, there is no national information
security and cybersecurity strategy and plan. But I
must admit that the government is shaking the
digital ecosystem in Benin, I know in Benin, we
are committed to building the best and most
innovative digital ecosystem in West Africa, that
is actually one of the promise of our president,
His excellency Mr Patrice Talon. The only challenge I can think of, is the same
problem we have in most things in Africa, coming
together and making something happen for
Africa. Unfortunately, to design and apply a
general data privacy regulation for Africa, every
nation across Africa must be committed and
involved.
You are an avid advocate for and a seasoned
pro in data privacy and protection. What are
your thoughts on the GDPR implications on
Africa.
GPDR is impacting European companies in Africa.
But, from my point of view, African companies
dealing with European citizens private data are
still no bothered. For instance, how many African
websites have a data privacy policy published?
How many of them, give the rights to the visitors
to give their consent to cookies or others
information they collect?
GDPR sanctions will be applied to African
companies for sure, and it will obviously be a
disaster for our economies. I urge every Africans
companies, doing business with European
residents to be compliant to GDPR. Even if you
are a start-up, and you’re selling products or
services on a web platform, and you’re collecting
informations like name, address and obviously
credits cards, from European residents, you need
to be GDPR compliant.
Being compliant to GDPR is not a big deal if
you’re not collecting sensible private data, like
religion, marital status, sexual orientation,
medical information, etc.
A quick one - do you think CISOs should be
part of the “big boys” – the board?
I need not think about this. It’s obvious. We won’t
ask ourselves if a marketing manager or a
financial risk manager should be part of the
board, right? We are in a new era totally based on
digitalisation. We are already talking about the
4th industrial revolution, cyberwar, cyberactivism,
cyberterrorism,etc.
The economy is based on the abilities of
companies to protect and secure information. If
the top management of the company don’t take
seriously the importance of information and
cybersecurity, they are surely not going to make
it in this digital era.
What are the fears of top level management
regarding cybersecurity and how can they be
allayed. It really depends on the risk appetite of
the top level management - what they consider as
high risk or residual risk.