No. Teams of officials representing the government and the Protection of Personal Information Act (POPIA) are not about to clap your business in irons or weigh you down with hefty fines. Not yet. There is time for your organisation to patch the holes, make the right strategic moves, and embed POPIA compliance throughout. There is time to make sure that your POPIA compliance strategy is managed carefully, and with the right partners, so you’re ready for the ultimate July deadline, and for the benefits that POPIA brings.
“Yes, there are benefits to undertaking the rigorous POPIA requirements and becoming 100% compliant,” says Stephen Osler, co-founder and business development director at Nclose. “If you undertake an assessment of your business in the process of aligning with POPIA, it’s an opportunity to discover vulnerabilities, to uncover unexpected risk factors, and to plug any unplanned gaps. POPIA may be a legal mandate and it may require that the business jump through several hoops, but these are invaluable for the organisation, especially if you’re running a global business.”
POPIA shares numerous traits with the GDPR, which is considered the de facto standard in privacy regulation at the moment. This means that if your business is compliant with POPIA, it will very likely only need to make a few additional adjustments to be compliant on a global scale. That said, many companies are leaping at POPIA solutions without following due diligence and run the risk of spending more on compliance than is absolutely necessary.
“There are plenty of solutions that are riding the POPIA bandwagon and that don’t fully meet the mandates within the legislation,” says Osler. “They’re taking advantage of companies that haven’t yet completed their POPIA compliance process, or who haven’t started yet, but don’t be fooled. There’s no product or solution that’s going to be the proverbial silver bullet that solves all your POPIA problems. Compliance is about good governance, about putting acceptable controls in place and ensuring that you understand exactly how you manage your customer data. No one product can do all that.”
Osler points out that there are numerous products on the market that are failing to deliver on their promised POPIA mandate. Data leaks, unexpected vulnerabilities, missed gaps in business process or security – these are often missed and they are the cause of a large fine, reputational loss or a breach, and they come with poorly managed and implemented solutions that promised a bandage when they were, in reality, a band-aid.
“Companies need to be cautious when choosing a partner to help them achieve POPIA requirements,” says Osler. “The partner has to provide a truly robust and relevant solution that meets very specific standards and integrates properly. The business has to take ownership of POPIA processes and systems and ensure that it actively engages in compliance. Technology is just the enabler, it’s the business that brings compliance to life.”
Managing customer data isn’t brain surgery. It’s common-sense security and data management that’s smart and agile and embedded into corporate culture. Companies can achieve their POPIA compliance goals by the deadline, and they can do so without unnecessary expenditure or complexity. They just need a clear strategy and perhaps a trusted partner that will facilitate the process, embed the right controls, and deliver the right results.