Sections of the long-anticipated Protection of Personal Information (PoPI) Act 4 of 2013 came into effect on 1 July 2020, giving South African organisations a year to become compliant or risk substantial fines and penalties in the future.
The data privacy law governs when and how organisations collect, use, store, dispose of and otherwise handle personal and sensitive data. In effect, this will force companies to make sure that the required policies are in place, but this could prove challenging for some, as many companies have been dragging their feet in terms of becoming PoPI compliant.
The enforcement of the Act comes at a time when most companies are focusing almost exclusively on keeping the lights on by retooling their workforces to operate remotely due to the COVID-19 pandemic. The timing has created a bit of rush, especially for organisations that have not yet started their compliance projects, and will have to work quickly to ensure that they meet the requirements of the Act.
Aside from not running afoul of the law, PoPI compliance is also fast becoming a competitive advantage and can generally benefit an organisation. From a consumer point of view, it builds a level of trust and instils a sense of security knowing that your sensitive information is being handled by a PoPI compliant organisation.
People want to know that, especially during times of uncertainty, the organisation they are dealing with has their best interests at heart and has taken all the necessary steps to protect their sensitive information, such as medical data, during a pandemic.
At the same time, businesses that are PoPI compliant have the confidence that in the event of a data breach, their data is adequately protected, which reduces the risk of reputational loss and associated costs. Regulatory compliance also provides organisations with the ability to analyse and have more control over the data they handle and better understand its purposes.
Better data management can increase the efficiency and effectiveness of any business, as data is recognised as a valuable resource. However, a scary fact is that the more data organisations generate on a daily basis, the less they know about it.
Aside from assisting with compliance to legislation and governance, effective data management solutions can help an organisation simplify its data management strategy. By giving it a central view of its important data, it allows the company to determine who should have access to this data and for what purpose, to see where it is stored and to run audit trails to see who is accessing what information.
Data management also plays a key role in helping organisations interrogate their data to determine what data they actually have and where it is housed. This enables them to build a compliance model that will guide the acceptable usage of personal information, and when it needs to be disposed of.
There are numerous technology solutions that can help with data management. It is key for organisations to deploy solutions that offer data protection, as this forms part of compliance to legislation such as PoPI, so the offering must provide the basic principles of securing data. Secondly, organisations must ensure that a lot of reporting capabilities are built into their technology, as well as access control, role-based security features and monitoring capabilities.
Companies need to go back to basics and prioritise what’s important, making sure they are covered by the basic principles of data management. If you bolster your data management, the rest of the pieces will fall into place, making it easier to comply with data privacy laws.