John has more than 30 years of experience in the IT industry, approximately half of which have been spent in vendor organisations and the other half in user organisations. During this time he has gained experience in strategic planning, infrastructure architecture, information security, compliance, governance, privacy, project management and vendor relationship management.
John has specific skills in GRC (Governance, Risk and Compliance) with an emphasis on local requirements such as King III and the Companies Act (71 of 2008), as well as international practices in this area. John has gained experience in the airline, IT vendor, healthcare and financial services sectors.
John became aware of the fact that South Africa is more than 20 years behind other countries in privacy and protecting personal information a few years ago. He has been placing a strong focus on helping organisations to prepare for complying with the Protection of Personal Information (POPI) Act and best practices for privacy and data protection since 2013. He also believes there are good business reasons for taking proactive steps in protecting personal information.
John Cato has experience in a number of areas relating to the POPI Act, data privacy and protection:
- Certified Data Protection Officer (CDPO) though PECB as per EU GDPR (General Data Protection Regulation) requirements
- Co-authored multiple articles about data privacy and protection and POPI
- Spoken at multiple workshops on data privacy and protection and POPI
- Consulted to multiple clients on data privacy and protection and POPI
- Managed numerous POPI projects
- Developed multiple consulting tools for data privacy and protection and the POPI Act
Has over 15 years of information Security experience which are required for implementing the Security Safeguards required by the POPI Act.