(and they have nothing to do with POPIA really)
It has become clear in recent years that the proper treatment of their personal information (PI) matters to consumers (we have tested this), but why should it matter to the businesses that use the information? Put differently, how can a business justify spending money on and committing resources to complying with the Protection of Personal Information Act (POPIA)? The answer is that POPIA compliance, and the risk of not treating personal information with care, is about much more than legal compliance.
For most businesses PI is an asset. Whether it is central to their services or only used for marketing, there is value in having PI that is of good quality (which is one of the requirements of POPIA compliance) and is kept secure (another requirement). The loss of or damage to this asset results (often directly) in loss of profit.
Becoming POPIA compliant will increase transparency, which in turn will inspire trust in the business.
Non-compliance with legislation like POPIA has increasingly restricted companies’ ability to transact with other companies in the ‘information economy’.
As is the case under POPIA, it is the norm internationally that PI cannot be exchanged with companies that do not comply with strict data protection laws.
This is one of the reasons why we see so much emphasis on the EU-US Privacy Shield Framework (the old Safe Harbour Agreement).
#3 Preventing loss of reputation
Privacy has become increasingly important to consumers as the internet started playing a central role in their lives and in how they interact and transact with companies. Privacy breaches result in losses in profit, but also affect consumers’ trust in the company.
When consumers do not trust a company they are not likely to give them their PI.
Here is an awesome infographic about the biggest breaches since 2004.
#4 When it is done right POPIA compliance saves you money
We don’t believe in compliance for compliance’s sake. POPIA compliance projects should lead to a reduction in operational costs.
Investigations into information governance often reveal inefficient processes and systems: badly designed forms lead to data quality problems, data quality problems keep the call centre busy… you catch my drift?
Fixing that should be the priority – POPIA compliance is just an added bonus.
#5 Legal compliance
Achieving legal compliance brings with it a reduction in the risks of restrictions on processing activities, fines and lawsuits. POPIA will establish a new Information Regulator who will have wide-ranging powers to prohibit the processing of PI which it deems unlawful.
The Information Regulator can impose administrative fines of up to R10 million.
Last but not least, data subjects will be able to bring claims for damages against offending businesses, and POPIA provides that the Information Regulator can bring these claims on their behalf.
Need help to get started? We would love to help. We do POPIA, big time. Get in touch!