With the Protection of Personal Information Act (POPIA) now in full force, South African organisations have until 30 June 2021 to be fully compliant. Under POPIA, any organisations doing business in South Africa that collects or stores the personal information of a South African citizen need to adhere to a strict set of obligations or risk heavy penalties.
According to Cameron Beveridge, Regional Director for Southern Africa at SAP, the new requirements offer an opportunity to local businesses to build trust with their customers. “New data privacy laws such as POPIA and Europe’s GDPR are designed to give individuals greater control over how and where their personal information is used. As organisations update their systems and processes to ensure compliance, they have the opportunity to deepen trust with their customers while also improving the overall customer experience.”
POPIA requires that organisations:
- Only collect information for specific purposes,
- Ensure the information is correct and up to date,
- Have security measures in place to protect the information,
- Only keep necessary information, and
- Allow citizens to access or view their information upon request.
“At the centre of this new dynamic is the concept of consent,” says Beveridge. “This requires that organisations implement an opt-in and opt-out system to allow individuals to choose whether they want an organisation to store or use their personal information.”
Non-compliance to POPIA carries heavy penalties of up to ten years’ imprisonment or R10-million in administrative penalties. “Organisations need to maintain proof of how, when, where and why they collected and processed customer data, and be able to provide transparency into how they collect and use customers’ data. However, managing this process manually is virtually impossible. Organisations should instead seek technology tools that can transparently present, collect and manage customer consent and help them manage customer profiles and preferences.”
SAP currently offers a suite of tools that improve the storing, processing and management of customer data. “Ideally, you want an audit-ready solution that presents and captures customers’ consent and preferences, maintains accurate records and consistent consent enforcement, and gives customers control through a self-service preference centre. As more of our interactions take place digitally in this new era of social distancing, having the correct tools in place to manage customer data while remaining compliant to legislation can also directly contribute to an improved customer experience – one of the driving factors for any successful modern business.”