POPIA: it’s not as scary as you think


Right now, there’s a word that’s keeping many South African business executives awake at night — and it’s not Covid-19. While few were looking, POPIA, the Protection of Personal Information Act, came into effect on July 1 2020, and it’s going to fundamentally change the way South African businesses deal with consumers’ personal information.

POPIA establishes a number of minimum requirements that businesses and other organisations must comply with when dealing with personal information: how they gather it, use it and protect it. This includes having to implement measures and procedures to secure that information.

These new requirements apply to every single entity in the country that processes any personal information, including all businesses. Businesses have 12 months to get their house in order, with fines of up to R10-million for non-compliance.

How will POPIA affect my business?

In truth, POPIA shouldn’t come as a shock to any business: data security and compliance is a discussion we’re having with most of our customers anyway. It affects every business, and every part of the business, even to the extent of ensuring your suppliers and your staff are compliant as well.

POPIA will affect different organisations in different ways. Generally speaking, you’ll need to review your data collection and storage policies, and embark on a journey of making your entire company more data-savvy.

Your business may have to change its approach to customer information, and this is a conversation that has to be driven from the top downwards. If ever there was a time to spring-clean your information, this is it. Ask yourself: what personal information do we hold? How do we get it, and why do we have it? Is the consent we have valid under POPIA?

From a marketing point of view, you’ll have to rethink how you reach new customers. The days of buying a database and then bombarding those in it with your ads and marketing messages are gone. Legally, your T&Cs documents will have to change. You can’t just have catch-all clauses: you actually have to get people’s express consent to gather and use their data. And if they want to be forgotten, you have to let them go.

What’s the benefit for my business?

POPIA is a great opportunity for local businesses to overhaul not only their data policies, but their entire approach to data security, and go beyond mere compliance to create a source of trust and advantage with their customers.

Part of the challenge is that many companies still see data security and compliance as a cost, a grudge purchase or a box-ticking exercise. To us, it’s the exact opposite: it’s a saving, when you consider the staggering impact and cost of data breaches for companies.

Companies that get proactive about compliance are creating huge strategic advantages for themselves. Done properly, compliance makes your business more risk aware, more transparent to regulators and you are able to reduce operational costs. 

So what do I do next?

Find out what’s legally required to keep your customers safe and keep their personal data out of harm’s way. At the same time, you’ve got to protect your business information, which is your source of competitive advantage.

But to make it work, you have to realise that data compliance and security is a continuous process, not a once-off event. You’ve got to plan ahead, and send a clear message throughout your organisation that you take data compliance and security seriously. It’s not just a question of installing a few firewalls and some bells and whistles: it’s a culture that has to be embedded and reinforced.

Ultimately, it’s a good idea to speak to an expert, or your managed business services provider, to assess the impact of POPIA on your business. That way, you can turn compliance to your advantage.

To learn more about the POPI Act an how it affects you, click here.

Daniel Lotter is Head of Innovation at Itec

About Itec Group South Africa

Itec is southern Africa’s fastest-growing office automation, production printing and tele- communications solutions provider. Through its 47 southern African branches, the company implements total office solutions based on imported, industry-leading, and award-winning products.

Itec serves medium-sized and large businesses in sectors as diverse as financial services and retail, supporting its innovative solutions with proactive service delivery. Some of its 18 000 customers include Value Logistics, Implats, Department of Housing, Business Connexion, ADT, Rand Refinery, First National Bank, Anglogold Ashanti, National Health Laboratory Services and ADvTECH.

Itec management rebranded the company in 2004 following a merger of the separate copier, printer, and fax business units initially established in 1987.

For more information, please visit www.itecgroup.co.za