How have businesses structured their compliance with PoPI? Everywhere you turn you find companies offering you a download of something in exchange for your contact details. Social media companies collect more data than ever before, and analytics is turning that information into a competitive advantage for them.
To protect your data privacy yet enable businesses to operate within the law, we have the PoPI Act in SA. The EU operates under the GDPR framework.
How have businesses structured their compliance with PoPI? Here are a few interesting statistics unearthed by TechRepublic, although not covering SA businesses:
Which department has primary responsibility for data privacy within your organisation?
The majority of survey respondents (51%) reported that IT is responsible for their organization’s data privacy.
Who is the data privacy leader within your organisation?
The privacy leader within the respondents’ organisations ranged from:
- chief information officer (CIO)/chief technology officer (CTO) at 21%,
- Data protection officer (DPO) at 16%,
- chief information security officer (CISO) at 11%,
- chief privacy officer (CPO) at 8%, and
- general counsel/chief counsel/chief legal officer (CLO) at 5%.
In addition, 19% of respondents were unsure who their privacy leader was.
What are the barriers to data privacy within your organisation?
Challenges to data privacy implementation ranged from:
- corporate culture (37%),
- lack of knowledge (35%),
- financial cost (33%) or
- lack of resources (33%),
- integration with existing tools (28%), and
- lack of either technical skills (25%) or leadership (24%).
Is your organisation currently meeting all GDPR requirements?
In terms of GDPR compliance:
- 16% of applicable respondents admitted that their organizations were not meeting requirements,
- 16% were still in the process of meeting requirements, or
- they were unsure (26%) about their company’s compliance, and
- 35% were meeting all GDPR requirements.
These statistics do not apply to SA but to other countries and the EU, yet a disconcerting lack of compliance with data privacy legislation is apparent.
Our feedback from medium-sized and large enterprises in SA indicates a level of commitment that is somewhat surprising yet pleasing. However, can we say the same of small, medium & micro-enterprises (“SMMEs)? It still requires a lot of work involving
- changes procedures,
- documentation to be designed or redesigned,
- training of employees & management, and
- recordkeeping of opt-in consent from clients, suppliers and even employees.
Lawful processing of personal information is paramount.
Contact us now if you need us to drive your compliance journey.
Do not delay.