Protecting your clients' or customers' personal information is fast becoming a way of life in our businesses today. It is our responsibility, our obligation, and an integral part of customer relationship management and of how we manage our businesses.
From a legal or statutory requirement perspective, the subject of protecting personal information as required by data protection and privacy laws, such as the Protection of Personal Information Act (POPI / POPIA) and the EU General Data Protection Regulation (GDPR), is often seen as a compliance burden. Whilst there is an obligation to comply with regulations, it should not be seen in a negative light: the value this requirement adds to your clients far outweighs the effort of fulfilling and implementing this regulation. How? Because the peace of mind you, and particularly your clients, will have with this protection in place is immeasurable.
What does the POPI Act mean and what are the implications for protecting personal information?
Think about how broad the definition of “personal information” can be: customers, employees, suppliers, in fact anyone we interact with as a business. The POPI Act / POPIA was signed into law in November 2013 and is expected to become effective in 2019. Organisations will then have twelve months to become fully compliant or face the prospect of some potentially stiff penalties (including fines of up to R10 million) or, worse, reputational damage and loss of customers. GDPR became effective in May 2018 and impacts on organisations that offer products and services to EU residents and that process their personal information.
However, on the positive side, the POPI Act is a great opportunity to boost confidence in our business by demonstrating the way we manage sensitive personal data. Personal information includes data of customers, suppliers and employees, whether it is in emails, invoices, databases or on paper. This means showing that the processes and procedures are in place to handle all aspects of personal information protection effectively and securely.
John Cato, a representative of local consulting company IACT-Africa, emphasises that while there are potential penalties, the more significant business risk is the reputational damage that occurs where organisations have not implemented adequate measures. As customers, we expect organisations to protect our personal information in a responsible manner. If we feel that our information is not being protected, we have the right to go to a competitor who demonstrates that they do.
Here is a customer’s perspective: IACT-Africa is currently providing assistance to Dainfern Valley Estate on their project. General Manager Jacques Wolmarans feels strongly that the need to establish personal information protection measures is far more of a business leadership and governance issue than a compliance issue.
At IACT-Africa we provide a range of products and services to help and guide your business through preparing for, implementing and becoming compliant with the POPI Act and GDPR. These include training courses, which are offered at Eagles Nest Conference Centre in Fourways and onsite at your own premises.
For more information, please visit www.popisolutions.co.za or give John a call on 010 500 1038.
Copyright © John Cato & Dr Peter Tobin, 2018. All rights reserved.