POPIA Compliance - Show me the money
It is common knowledge that South African businesses are burdened with a deluge of laws that they are required to comply with. Compliance with privacy laws such as POPIA and GDPR adds to this burden, and it goes without saying that compliance comes at a cost. But very rarely does a law come into place which actually presents businesses with more opportunity than the cost of compliance. If compliance with privacy laws is viewed as just another burden and a tiny legal and IT budget is allocated to comply, your business is missing out on the bigger picture and on an enormous economic opportunity. Apart from the obvious benefits of risk mitigation, including the avoidance of fines, jail time for Information Officers, damages claims and, more crucially, reputational loss, a well-structured and managed privacy compliance programme will lead to numerous financial benefits for organisations including:
- creating operational efficiencies;
- improved communication;
- generating cost savings;
- safeguarding of data, being an economic asset (which some refer to as “the new oil”);
- increasing a business’s competitive edge;
- increasing brand loyalty;
- the ability to engage in data philanthropy which in turn results in reputational enhancement; and
- critically, the ability of businesses to start generating new revenue streams from data mining utilisation and monetisation.
It simply does not make business sense for CEOs as well as Boards to ignore or pay lip service to privacy compliance and to make it an “IT department problem” or “legal counsel problem”, especially when the economic benefits of compliance far outweigh the cost of compliance. A well-structured privacy compliance programme guided and aided by commercially-minded privacy lawyers and the use of technology will do more than just help businesses avoid fines and jail time, it will ultimately result in financial benefit for the business. For CEOs and boards, compliance with privacy laws is an economic opportunity too good to ignore!
By Ridwaan Boda
Driving development through strategic insights and a culture of continuous improvement.
4 年Important not to underestimate the scale of the POPI Act. I spent two hours with a specialist dedicated to understanding the Act. Valuable to begin the process as soon as possible.
Director Business Consulting | Global Lead Change Management Business Consulting Service
4 年You are right Lucinda Botes - it is an opportunity in many ways. From my experience with implementing the GDPR requirements, it starts with having a look at your evolutionary grown processes that hamper you more than they support you and your business. How many of your processes focus on your core business? Further your information flow. How much information is sent to people that not need this load of facts and figures for their work, but will read it, store it, and forget it anyway instead of focusing on what matters for their job? Your IT-systems. How many do you have, that you do not need but you pay for them? And last but not least: Where is your 'new oil' buried in the company? Do you get the most of the data you already have? Do you actually know that you have it? Why searching for it twice or even three times? And do your business unites know that you have data that is important for their work? That makes their life easier and even more successful? You will find out as soon as you dig deeper. And belief me: by implementing GDPR, and probably POPI compliance requirements you will dig deep.
Great read, thanks for making POPIA and Compliance sound business sexy!!