How do medium size enterprises ensure that they don’t fall foul of new data protection regulatory requirements?


Take a deep breath, don’t panic and realise that you are not alone in this. Every organisation, no matter what, is in the same boat and a pragmatic approach is all that you will need to ensure that you aren’t inadvertently exposed to censure by the new information regulator.

So… where do we start?

Look at your current business model. Try to understand the exposure you would face as a mid-market organisation by getting to grips with what is expected of companies when it comes to operating in line with the data protection regulations defined in the POPI Act.

Follow a phased approach that starts with assessing the current state of data protection capabilities inherent within the business. Try to get a greater understanding of where and how you collect the information that is expected to be covered under the POPI Act.

Assign responsibility for the business's compliance efforts to an individual or collective that understands the requirements and the business model that your company employs.

This resource will ultimately be responsible for ensuring that all efforts to comply are coordinated into a single cohesive initiative.

Why should we care?

Well, aside from the obvious civil and criminal liabilities that the directors of the business personally face, there is the more important issue of reputational damage. South African consumers are slowly waking up to their rights, and they will want organisations tasked with handling and processing their personal information to be doing so with their best interests at heart.

By showing you are being proactive about the security and integrity of your clients’ personal information, you are showing a commitment to excellence. In doing so, you are creating a competitive advantage that the peers in your industry are sure to want to follow.

What are the next steps?

Look to the web, and research the pitfalls of navigating the increasingly complex subject that is the protection of personal information.

Try and find some time to review the Act in its entirety and gain a greater understanding of how it will apply specifically to your business.

Finally, engage with industry experts or specialists who assist organisations on a daily basis in working towards the adoption of specific initiatives that help businesses comply with the POPI Act.


Drew van Vuuren
With over 18 years' experience in corporate security and privacy, Drew van Vuuren is a leader in the information security industry. Drew heads up 4Di Privaca, an innovative specialist information security and privacy practice. Prior to 4Di Privaca, Van Vuuren provided information security architecture for the design and delivery of solutions to major global companies, including KPMG (United Kingdom and South Africa), and earlier for both Orange Business Services and Symantec Corporation in the UK. Van Vuuren has an appreciation of data management and assurance.