The collection, usage and sharing of personal information is regulated primarily by the Protection of Personal Information Act 4 of 2013. The Act was recently promulgated and is yet to be implemented. The Act seeks to give expression to the right to privacy provided for in the Constitution.
At the time of writing, the primary enforcement arm contemplated by the Act, the Information Regulator, has yet to be appointed. Once appointed, all businesses will be required to register with the Information Regulator to make public what personal information is being collected, and what it is being used for.
The Information Regulator will be empowered to enforce compliance with the Act, and able to investigate whether an entity is lawfully processing the public’s personal information.
Related: Protect Your SME From PoPI
How are privacy policies affected?
The Act defines the term ‘processing’ broadly, and includes “the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use of a person’s personal information”. To process a person’s personal information, the prior consent of the person (data subject) is needed.
The Act restricts a company’s ability to store personal information outside of the country by requiring that it be transferred only to countries in which comparable security laws and data protection measures exist.
A situation such as this arises more easily than expected. Consider the example of the humble contact form: Your website, with its local server situated in Midrand, utilises a plugin to create custom contact forms.
Although your server may be in Midrand, every person who completes the contact form on your website has their personal information transferred and stored on servers in the home jurisdiction of your plugin creator, which may be in the US. But the plugin creator may also make use of third-party service providers based in Vietnam. An in-depth investigation of all third-party plugins and processes of a website is therefore required to ensure that you comply with the Act.
Access by a data subject to personal information
A data subject is entitled to request a full disclosure of any personal information held by the company.
As the procedures governing access to personal information overlap, companies should also ensure compliance with the processes outlined by the Promotion of Access to Information Act 2 of 2000 (‘PAIA’).
In terms of PAIA, all companies are required to compile a manual that needs to be registered with the South African Human Rights Commission. This manual sets out the company’s contact information, what records are available for inspection, the identity of the leadership of the company, as well as the manner in which a person may request access to information held by the company.
However, the Minister of Justice and Correctional Services has exempted private bodies from complying with this requirement for a period of five years, starting from
1 January 2016.
Innovative Business Solutions And Compliance
Compliance with certification is a strong way to demonstrate that you are managing your business proactively.
As a business owner, you are probably aware of where your business could improve. Sometimes a business owner would like to improve their business but is not sure how to begin. Therefore, it is of the utmost importance to develop an environment which will foster innovation and create key steps to improve your business while simultaneously trying to comply with all of the necessary legalities.
It is important for an entrepreneur to assess their situation first. Most business owners will ask the question why? Why can’t everyone will follow the same steps to success. Every business is different and unique, therefore, before you start making changes within your business, it is a good idea to make sure you have a full understanding of the factors affecting your business success and whether you are complying with necessary legalities.
Compliance may actually improve performance by giving your business a competitive edge. Legal compliance can assist you with improving your customer relations, enhancing your reputation and most importantly avoiding the cost of legal proceedings.
There’s this saying, ‘What gets measured gets improved’ explains Charles Gaudet, founder and CEO of Predictable Profits, a consulting firm that offers advanced marketing techniques to entrepreneurs who are passionate about expanding their small businesses.
Related: Compliance For Entrepreneurs
Here are a few strategies that you can use to make your business more profitable in the future.
Innovative Marketing solutions
For every business owner, marketing is an important tool to improve their businesses. You may think that you are missing an opportunity if you don’t jump right attracting customers with some type of marketing message.
However, as quoted by John Rampton ‘’one of the best things you can do to achieve growth is to slow down and spend time studying the trends.” What does this mean? While rushing into marketing your product you tend to forget certain details, and once it is out in the public its difficult to forget or to undo. Therefore, its very important to research the market and consumer trends before launching anything.
This becomes very important when you consider the potential risk to your business for the infringement of another product, which is confusingly similar to your product. You also do not wish to be guilty of using a similar brand name, slogan or logo as one of your competitors. Therefore, before you set out your personalised solutions when designing ads and directing messages to consumers ensure you are not infringing on anyone else’s rights as this will likely lead to expensive legal costs for your business.
Compliance Breeds Confidence
It is important to remember that clients are concerned whether suppliers are properly compliant. Compliance with certification is a strong way to demonstrate that you are managing your business proactively and that the money a customer will spend i.t.o. buying your goods or services, is in safe hands. Conversely a failure in compliance can, as well as exposing you to the risk of regulatory sanctions, severely damage your business’ credibility.
For example, in the financial services industry there is an increasing requirement to demonstrate strong security to both external auditors and prospective customers.
With regulation that you feel is of no value, determine how to satisfy the requirements with the minimum effort necessary. Do, however, double check that you are not missing out on a benefit that may be rewarding for your business.
In conclusion, it is important to note when improving your business one always need to act in accordance with the correct laws and procedures. Therefore, if a company is embracing the difficult task of being compliant, I recommend using this as a competitive weapon to improve your business. It just might end up making you and your team better which is usually rewarded with more business.
Policies and Procedures – A Critical Business Support Tool
No longer just an administrative burden, policies and procedures are an essential business support tool in a complex business environment.
In South Africa, SMMEs account for more than 70% of the overall employment rate. It’s critical, therefore, that SMMEs maintain both stability and growth concurrently – our country’s economic development depends on it. However, the tension between stability and growth must be managed, particularly in today’s complex regulatory environment with its ever-increasing compliance requirements.
Smaller organisations often consider policy creation, management and distribution as an administrative burden. Fortunately, growing numbers of small business owners and managers are realising that accessible and clearly-written policies and procedures are essential to business success.
Companies that create, manage and distribute clear policies and procedures reap significant business benefits, some of which are highlighted below.
Consistency and Stability
Clear policies and procedures ensure that staff and management adhere to specific ways of working, minimising time spent on analysis and interpretation, while creating consistency and stability across the organisation.
Policies and procedures allow new hires to onboard quickly, while ensuring they adhere to standard practices and controls.
Health and safety policies not only protect staff, but also visiting clients and stakeholders.
It is important to define boundaries around a position or role. Employees must know and understand their respective responsibilities.
Standardised procedures lead to cost efficiencies from both time and resource perspectives.
Policies and procedures allow organisations working in different areas to develop a uniform approach to business processes which, in turn, supports internal staff transfer when and if required.
Businesses operate in a highly regulated environment. Proof of compliance is not only required in terms of the regulatory environment, but also in terms of risk management and governance. SMMEs do not always appreciate the value demonstrable risk management and governance structures can have, albeit as intangible assets. These structures enhance the oversight role of any business, providing more developed and sustainable business strategies. An additional benefit is the ability to manage liability arising from negligence or malpractice suits. It is no longer enough just to have a policy in place though – distribution and access must be shown.
SMMEs can create and develop a learning culture depending on the availability and distribution of policies and procedures. Tests and assessments linked to specific policies confirm knowledge transfer, formalising both learning and the eligibility to complete tasks.
Given the ever-increasing complexity and competitiveness of business today, policies and procedures provide the parameters and guidelines of business operations, enhancing efficiencies, increasing value and promoting professionalism. Policies and procedures are no longer just an administrative function, they are a critical tool for business success.
4 Vital Differences Between King III And King IV™ On Corporate Governance
Ilana Steyn, unpacks some of the most significant differences between the Institute of Directors in Southern Africa’s (IoDSA) latest report on corporate governance, the King IV Report, and its former version, King III.
April 2018 marks a year since the effective date of the IoDSA’s (Institute of Directors in Southern Africa) latest report, the King IV Report on Corporate Governance ™ (King IV™), on effective and ethical corporate governance.
What is the King Report?
If you’re not familiar with the King Reports: it’s a series of reports that translate international standards and big-time happenings on corporate governance into set of local principles. Each new Report replaces the former.
The aim of the King Report is to set up actionable principles for South African company leadership to act as modern, good corporate citizens.
It also ensures those in leadership positions act in the best interest of the company and all parties influenced by the company. The first Report, King I, published in 1994, and was the first officiated document of its kind in South Africa.
Why is it useful to my business?
The Report also promotes transparency within your company’s leadership to ensure transgressions aren’t hidden that will eventually damage the company. The Report also ensure blunders can be evaluated, found and corrected ASAP. Today, its mandatory for all JSE listed companies to implement the Report into their company policy.
If you’re a smaller business or a non-profit, you can comply with the Report voluntarily; by applying the principles you’re essentially ensuring the long-term sustainability and survival of the business.
It also helps that create a healthy corporate culture and when your business’s foundation is healthy, growth is unthreatened.
If you haven’t applied any of the former Reports in your business, you’re in luck; King IV™ is the simplest, and seemingly the most practical, Report in the family of four reports.
Why was King IV™ needed?
Companies, especially smaller businesses, often struggled to apply the King III due to its long-winded structure.
King IV™ was needed because King III, published in 2009, was out-dated in terms of present-day concerns like technological advances, the increased need for online transparency, long-term resource sustainability and information security.
Here’s the rundown of the most significant differences between King IV™ and King III.
1. King IV’s™ structure is much simpler to apply
While King III did a good job of summarising the extensive scope of effective and ethical governance into 75 principles, the Report still lacked clear guidance on real-world application.
Ensuring the effective incorporation of all 75 vague, ethical principles was too exhaustive for most companies to implement, monitor and account for.
That’s why King IV™ took a different structural approach. King IV™ boiled good corporate governance down to 17 simplified principles, each supplemented with various recommended practices to make it easier for smaller companies to implement the principles within their day-to-day running.
2. King IV™ spotlights practical implementation
King III lists multiple ethical principles and then commands companies to explain how their management and actions honour those principles. Unfortunately this meant companies approached it like a mindless compliance checklist.
King IV™ also states principles, but more importantly, requires organisations to actively report on the implementation of the recommended practices thereof.
Mervyn King, the chair of the King Committee, dubs this the shift from a “apply OR explain” mentality to a “apply AND explain” mentality. The Report also allows organisations to report on alterative-implemented practices – provided they support and advance the principle.
To make the application simpler to grasp, King IV™ clearly differentiates between the long-term Outcomes, the ethical Principles and the recommended Practices. Essentially the new structure and its requirements mean companies have to engage in thoughtful implementation and reporting of those practices.
3. King IV™ is inclusive to more than just large companies
After King III, there was a significant demand for the inclusivity of smaller businesses, and governmental or non-profit organizations in the King Report.
Consequently, King IV™ dedicates an entire supplement chapter to guiding municipalities; non-profit organizations; retirement funds; small and medium enterprises and state-owned entities in the implementation of the Report.
Also, where King III used terms like “companies” and “boards”, King IV™ very purposefully uses more inclusive terms like “governing bodies” and “organizations” throughout the report. It’s clear that King IV™ aims to move the principles on good corporate governance into real-world action – for all organisations.
4. Difference 3: King IV™ pushes for more accountability, transparency and reporting
What King IV™ does quite differently from King III, is recommending the application of its principles within set timelines, reports and committees within it’s recommended practices.
King IV™ strongly propagates transparency, the delegation of responsibility and the implementation of accountability by putting pen to paper in term of officiated aims, bodies responsible for those aims and the provisions of consistent reports.
Take leadership as an example, where King III would just stipulate what being a good leader means, King IV™ advises you to set goals, delegate responsibility and evaluate progress through reports and accountability.
An example would be to set up a committee, consisting of lower management levels, with clearly identifiable responsibilities and then to measure their progress via reports. It comes down to the ignorance no longer being a valid excuse. Directors should be aware of all issues within your company.
Directors should take responsibility for everything that happens within their organisation – you can’t plead innocence on the grounds of not knowing. There should rather be reports in place to identify and uncover any discrepancies early on.
Essentially, where King III lacks in the aim of ensuring the actualization of good corporate citizenship, King IV™ steps up the game.
Entrepreneur Profiles7 days ago
8 Codes Of Success That Helped Priven Reddy of Kagiso Interactive Media Achieve A Networth Of Over R4 Billion
Technology6 days ago
3 Things Africa Must Get Right If It Wants To Leapfrog Into The 4th Industrial Revolution
Business Ideas Directory7 days ago
10 Cannabis Business Opportunities You Can Start From Home
Branding5 days ago
Why You Should Prioritise Brand Image
Entrepreneur Today2 weeks ago
Lyle Malander Scoops Top Prize In The SAICA Top-35-Under-35 CA(SA) Competition
Setting & Achieving Goals2 weeks ago
Your Worth Is Not Measured By Your Productivity
Start-up Advice7 days ago
7 Top Lessons You Can Learn From The US Cannabis Market
Innovation2 weeks ago
Innovate For Change – Think Like A Social Entrepreneur