Data Privacy – the hidden practicalities of the POPI Act
Organisations should balance the reality of fines and penalties resulting from non-compliance with the POPI Act with the benefits of privacy as a value proposition in business. Trustworthiness between business, its clients, suppliers and employees should be an established business value. By processing privacy data legally, organisations maintain this important value. Internationally, the business impact of reputational damage often exceeds the fines for non-compliance. The emphasis should therefore be on balancing the protection of privacy reputation with the avoidance of potential fines and penalties.
Too many organisations are led to believe that privacy policies, notices, consent and choice forms are the most important aspects in establishing the base of privacy compliance. Although they are important and required, these principles tend to lose their value if they are not integrated into a more comprehensive approach to privacy. Such an approach should include capabilities such as data management, risk assessment, governance, risk and compliance frameworks and IT security and control practices, amongst others. Probably the biggest challenge for business will be the ability to prove compliance with the Act. This brings the challenge of enforcement and the expected measurement thereof, not only to the organisation but also to the parties responsible for auditing compliance.
Magna therefore focuses on the implications of the POPI Act on business disciplines and uses a pragmatic compliance approach. This addresses the impact on policies, processes, regulations, risk reduction, access control, data custodianship, business controls, IT governance and organisational culture, values and behaviour – the hidden practicalities of the POPI Act. Our approach is unique in the way that we establish a Privacy Information Landscape to develop a Risk Decision Model which guides the execution of a compliance roadmap to achieve the required Privacy outcomes.
The Magna team consists of an interdisciplinary group of subject matter experts, each with more than 20 years’ extensive local and international business and information technology experience. Through their career journeys they participated at all levels of business management and initiatives, e.g. major international programme and project management, strategy formulation, governance and compliance, business turnarounds, and IT, Finance, HR, Supply Chain and operations management.
This enables the team to navigate skilfully around the typical pitfalls and challenges of a POPI compliance project.