Every SME out there should be concerned about the Protection of Personal Information (PoPI) Act and the impact it has on your bottom-line.
All businesses store and process personal information at some point, be it that of employees or customers. PoPI is all about effectively governing the usage and storage of that data.
Most businesses & their people today, require the ability to access that data online whilst working remotely. This creates a huge risk of non-compliance and exploitation.
The reality is that POPI does impact all businesses that have control over, or process any kind of personal information. According to Botha, Eloff, Swart (2015), “Personal information is defined by PoPI as any information relating to an identifiable, living, natural or juristic person”.
Why is PoPI Important to SME’s?
The answer is simple: Brand reputation, business impact, financial and legal consequences.
According to thought leader, Monisha Prem, “It is in your business’ best interest to comply with PoPI as the consequences of non-compliance are severe”. Monisha reports on some startling financial and criminal penalties:
- Civil action for damages
- Fines of up to R10 million
- 12 months to 10 years imprisonment.
This begs the question: What can a SME owner do to circumvent this risk, and better secure the information that resides on its network?
Below is some advice on how you can secure this information & your network by implementing some basic network security elements.
Step 1: Ask & Answer
If PoPI is all about the protection of personal information then answer some questions about that data:
- Where is the data stored?
- Who has access to the data and is access effectively governed?
- What is the data used for?
- Is the usage or processing of the data tracked and controlled?
Once you understand how and when all this data is being used & stored, you can then look at taking the first step in safeguarding your business against the repercussions of non-compliance or security breach.
Step 2: Start at the beginning, its always a good place to start
You need to secure & govern access to all your data. If you have a website, a CRM server, or are keeping any records accessible via the internet, your data integrity and SME is at risk.
By implementing proper data security and access control, you can protect your accountability as a business, and more effectively govern the use of that data.
By showcasing your willingness to comply, you can also increase trust between your business and your customers.
Think about it: I would rather share more information with a company that I can trust to take the proper precautions with my personal data. I would be more inclined to shop online through their e-commerce store, or place my electronic signature on an order or contract.
Some things to consider about first-line protection, are:
- Draft a data security policy that governs storage, processing, and security of personal data. Ensure that the actions mentioned in the policy are measurable
- Store the data on a secured server/s behind some form of firewall
- Implement stricter access control mechanisms for your network
Step 3: Tighten-up your access points
By controlling access to the data, you decrease the risk of exploitation. The best and most effective way to do that, is:
- Train your staff on proper information management. Most security breaches happen due to human vulnerabilities or ignorance
- Implement secure access control mechanisms such as login’s, passwords etc.
- Secure your network – Control access to your network and data by using a firewall.
Related: PoPI: This Changes Everything
Step 4: Invest in Tech. Educate your Assets
Use firewalls to secure your network/s good and proper. Train-up your staff on information security and data management practice, and lock-down your network – one-time-shoe-shine.
Innovative Business Solutions And Compliance
Compliance with certification is a strong way to demonstrate that you are managing your business proactively.
As a business owner, you are probably aware of where your business could improve. Sometimes a business owner would like to improve their business but is not sure how to begin. Therefore, it is of the utmost importance to develop an environment which will foster innovation and create key steps to improve your business while simultaneously trying to comply with all of the necessary legalities.
It is important for an entrepreneur to assess their situation first. Most business owners will ask the question why? Why can’t everyone will follow the same steps to success. Every business is different and unique, therefore, before you start making changes within your business, it is a good idea to make sure you have a full understanding of the factors affecting your business success and whether you are complying with necessary legalities.
Compliance may actually improve performance by giving your business a competitive edge. Legal compliance can assist you with improving your customer relations, enhancing your reputation and most importantly avoiding the cost of legal proceedings.
There’s this saying, ‘What gets measured gets improved’ explains Charles Gaudet, founder and CEO of Predictable Profits, a consulting firm that offers advanced marketing techniques to entrepreneurs who are passionate about expanding their small businesses.
Related: Compliance For Entrepreneurs
Here are a few strategies that you can use to make your business more profitable in the future.
Innovative Marketing solutions
For every business owner, marketing is an important tool to improve their businesses. You may think that you are missing an opportunity if you don’t jump right attracting customers with some type of marketing message.
However, as quoted by John Rampton ‘’one of the best things you can do to achieve growth is to slow down and spend time studying the trends.” What does this mean? While rushing into marketing your product you tend to forget certain details, and once it is out in the public its difficult to forget or to undo. Therefore, its very important to research the market and consumer trends before launching anything.
This becomes very important when you consider the potential risk to your business for the infringement of another product, which is confusingly similar to your product. You also do not wish to be guilty of using a similar brand name, slogan or logo as one of your competitors. Therefore, before you set out your personalised solutions when designing ads and directing messages to consumers ensure you are not infringing on anyone else’s rights as this will likely lead to expensive legal costs for your business.
Compliance Breeds Confidence
It is important to remember that clients are concerned whether suppliers are properly compliant. Compliance with certification is a strong way to demonstrate that you are managing your business proactively and that the money a customer will spend i.t.o. buying your goods or services, is in safe hands. Conversely a failure in compliance can, as well as exposing you to the risk of regulatory sanctions, severely damage your business’ credibility.
For example, in the financial services industry there is an increasing requirement to demonstrate strong security to both external auditors and prospective customers.
With regulation that you feel is of no value, determine how to satisfy the requirements with the minimum effort necessary. Do, however, double check that you are not missing out on a benefit that may be rewarding for your business.
In conclusion, it is important to note when improving your business one always need to act in accordance with the correct laws and procedures. Therefore, if a company is embracing the difficult task of being compliant, I recommend using this as a competitive weapon to improve your business. It just might end up making you and your team better which is usually rewarded with more business.
Policies and Procedures – A Critical Business Support Tool
No longer just an administrative burden, policies and procedures are an essential business support tool in a complex business environment.
In South Africa, SMMEs account for more than 70% of the overall employment rate. It’s critical, therefore, that SMMEs maintain both stability and growth concurrently – our country’s economic development depends on it. However, the tension between stability and growth must be managed, particularly in today’s complex regulatory environment with its ever-increasing compliance requirements.
Smaller organisations often consider policy creation, management and distribution as an administrative burden. Fortunately, growing numbers of small business owners and managers are realising that accessible and clearly-written policies and procedures are essential to business success.
Companies that create, manage and distribute clear policies and procedures reap significant business benefits, some of which are highlighted below.
Consistency and Stability
Clear policies and procedures ensure that staff and management adhere to specific ways of working, minimising time spent on analysis and interpretation, while creating consistency and stability across the organisation.
Policies and procedures allow new hires to onboard quickly, while ensuring they adhere to standard practices and controls.
Health and safety policies not only protect staff, but also visiting clients and stakeholders.
It is important to define boundaries around a position or role. Employees must know and understand their respective responsibilities.
Standardised procedures lead to cost efficiencies from both time and resource perspectives.
Policies and procedures allow organisations working in different areas to develop a uniform approach to business processes which, in turn, supports internal staff transfer when and if required.
Businesses operate in a highly regulated environment. Proof of compliance is not only required in terms of the regulatory environment, but also in terms of risk management and governance. SMMEs do not always appreciate the value demonstrable risk management and governance structures can have, albeit as intangible assets. These structures enhance the oversight role of any business, providing more developed and sustainable business strategies. An additional benefit is the ability to manage liability arising from negligence or malpractice suits. It is no longer enough just to have a policy in place though – distribution and access must be shown.
SMMEs can create and develop a learning culture depending on the availability and distribution of policies and procedures. Tests and assessments linked to specific policies confirm knowledge transfer, formalising both learning and the eligibility to complete tasks.
Given the ever-increasing complexity and competitiveness of business today, policies and procedures provide the parameters and guidelines of business operations, enhancing efficiencies, increasing value and promoting professionalism. Policies and procedures are no longer just an administrative function, they are a critical tool for business success.
4 Vital Differences Between King III And King IV™ On Corporate Governance
Ilana Steyn, unpacks some of the most significant differences between the Institute of Directors in Southern Africa’s (IoDSA) latest report on corporate governance, the King IV Report, and its former version, King III.
April 2018 marks a year since the effective date of the IoDSA’s (Institute of Directors in Southern Africa) latest report, the King IV Report on Corporate Governance ™ (King IV™), on effective and ethical corporate governance.
What is the King Report?
If you’re not familiar with the King Reports: it’s a series of reports that translate international standards and big-time happenings on corporate governance into set of local principles. Each new Report replaces the former.
The aim of the King Report is to set up actionable principles for South African company leadership to act as modern, good corporate citizens.
It also ensures those in leadership positions act in the best interest of the company and all parties influenced by the company. The first Report, King I, published in 1994, and was the first officiated document of its kind in South Africa.
Why is it useful to my business?
The Report also promotes transparency within your company’s leadership to ensure transgressions aren’t hidden that will eventually damage the company. The Report also ensure blunders can be evaluated, found and corrected ASAP. Today, its mandatory for all JSE listed companies to implement the Report into their company policy.
If you’re a smaller business or a non-profit, you can comply with the Report voluntarily; by applying the principles you’re essentially ensuring the long-term sustainability and survival of the business.
It also helps that create a healthy corporate culture and when your business’s foundation is healthy, growth is unthreatened.
If you haven’t applied any of the former Reports in your business, you’re in luck; King IV™ is the simplest, and seemingly the most practical, Report in the family of four reports.
Why was King IV™ needed?
Companies, especially smaller businesses, often struggled to apply the King III due to its long-winded structure.
King IV™ was needed because King III, published in 2009, was out-dated in terms of present-day concerns like technological advances, the increased need for online transparency, long-term resource sustainability and information security.
Here’s the rundown of the most significant differences between King IV™ and King III.
1. King IV’s™ structure is much simpler to apply
While King III did a good job of summarising the extensive scope of effective and ethical governance into 75 principles, the Report still lacked clear guidance on real-world application.
Ensuring the effective incorporation of all 75 vague, ethical principles was too exhaustive for most companies to implement, monitor and account for.
That’s why King IV™ took a different structural approach. King IV™ boiled good corporate governance down to 17 simplified principles, each supplemented with various recommended practices to make it easier for smaller companies to implement the principles within their day-to-day running.
2. King IV™ spotlights practical implementation
King III lists multiple ethical principles and then commands companies to explain how their management and actions honour those principles. Unfortunately this meant companies approached it like a mindless compliance checklist.
King IV™ also states principles, but more importantly, requires organisations to actively report on the implementation of the recommended practices thereof.
Mervyn King, the chair of the King Committee, dubs this the shift from a “apply OR explain” mentality to a “apply AND explain” mentality. The Report also allows organisations to report on alterative-implemented practices – provided they support and advance the principle.
To make the application simpler to grasp, King IV™ clearly differentiates between the long-term Outcomes, the ethical Principles and the recommended Practices. Essentially the new structure and its requirements mean companies have to engage in thoughtful implementation and reporting of those practices.
3. King IV™ is inclusive to more than just large companies
After King III, there was a significant demand for the inclusivity of smaller businesses, and governmental or non-profit organizations in the King Report.
Consequently, King IV™ dedicates an entire supplement chapter to guiding municipalities; non-profit organizations; retirement funds; small and medium enterprises and state-owned entities in the implementation of the Report.
Also, where King III used terms like “companies” and “boards”, King IV™ very purposefully uses more inclusive terms like “governing bodies” and “organizations” throughout the report. It’s clear that King IV™ aims to move the principles on good corporate governance into real-world action – for all organisations.
4. Difference 3: King IV™ pushes for more accountability, transparency and reporting
What King IV™ does quite differently from King III, is recommending the application of its principles within set timelines, reports and committees within it’s recommended practices.
King IV™ strongly propagates transparency, the delegation of responsibility and the implementation of accountability by putting pen to paper in term of officiated aims, bodies responsible for those aims and the provisions of consistent reports.
Take leadership as an example, where King III would just stipulate what being a good leader means, King IV™ advises you to set goals, delegate responsibility and evaluate progress through reports and accountability.
An example would be to set up a committee, consisting of lower management levels, with clearly identifiable responsibilities and then to measure their progress via reports. It comes down to the ignorance no longer being a valid excuse. Directors should be aware of all issues within your company.
Directors should take responsibility for everything that happens within their organisation – you can’t plead innocence on the grounds of not knowing. There should rather be reports in place to identify and uncover any discrepancies early on.
Essentially, where King III lacks in the aim of ensuring the actualization of good corporate citizenship, King IV™ steps up the game.
Snapshots2 weeks ago
27 Of The Richest People In South Africa
Self Development1 week ago
5 Inspiring Quotes From Madiba To Stir You Into Action On Mandela Day
Angel Investors5 days ago
A Comprehensive List Of Angel Investors That Fund South African Start-Ups
Entrepreneur Profiles4 hours ago
Karl Westvig Of Retail Capital Shares His Insights Into A Year-On-Year Double-Digit Growth Business
Ongoing Learning2 days ago
15 Of The Best And Most Unusual Online Courses For Entrepreneurs
Lessons Learnt2 days ago
11 Things Very Successful People Do That 99% Of People Don’t
Small Business6 days ago
Even SMEs Can Use Big Data: Here’s How
Company Posts2 weeks ago
Spoil Yourself And Book Your Stay At Constance Aiyana