The clock is ticking even though a final deadline hasn't been set. It is imperative that organisations are completely au fait with POPIA now before the deadline looms and companies are scrambling to avoid massive fines and jail time. ITWeb Events is presenting ITWeb POPI Update II on 21 November 2017. This critical update will ensure that you end 2017 completely up to date with what to expect from 2018.
The time to comply is now. Once the date for compliance has been set in stone and the one year grace period kicks off, you will already be behind, if you haven't at least started investigating and understanding what will be expected of you and each individual in your team.
ITWeb Events: You are presenting on the implementation of POPI - what are the most important points that an organisations should consider before going down this road?
Bure: In my opinion, POPI should be seen as a 'lifestyle change', rather than a 'compliance' project. POPI is literally about the protection of personal information. It is about treating other people's information with respect. It goes back to the most basic of human values, and has a huge change management component. If organisations (regardless of size) first and foremost focus on training, coaching and adjusting the mindset of the entire team, the mechanics of implementation will be much easier. Next up, everyone should start identifying gaps and potential problem areas.
ITWeb Events: What are the three key POPI implementation challenges experienced by organisations that you work with? What should organisations look out for?
Bure: Sponsorship and priority: POPI must be driven by executive management. The moment it is seen as a compliance or IT or divisional implementation, the chances of success are hugely diminished. There are many projects and initiatives creating pressure on everyone's time. These range from AI and robotics, to regulatory compliance, to gaining or regaining market share. Without sponsorship at the right level, organisations struggle to elevate the priority and therefore obtain the necessary budget to implement POPI.
Time/Effort: It is very easy to underestimate the effort involved to implement POPI. It impacts almost every person and every process and every system. It covers almost every contract, agreement, policy and framework. It is a full enterprise-impacting project.
BAU vs project: Many organisations believe that POPI can simply be incorporated into their everyday business process. Invariably, without giving the implementation specific focus and energy, the likelihood of success drops substantially.
ITWeb Events: Why, in your opinion, are many organisations employing a 'wait-and-see' attitude when it comes to implementing POPI?
Bure: Inertia. POPI has had an exceptionally long 'preparation time'. It was first drafted as a Bill back in 2004, with the Bill being tabled in 2009. It was gazetted in 2013, and the regulator appointed in 2016. Most organisations are feeling a little battle-weary.
ITWeb Events: Does one have to understand every letter of the Act prior to starting the implementation process - or can one 'learn' as you go along? And why?
Bure: As discussed above, I think an organisation has to completely understand the spirit of POPI. Once the entire organisation has their thinking aligned, the mechanics and individual stipulations in the Act start to make sense, and identifying the gaps and remediation becomes easier.
There is definitely an element of 'learn as you go'. There is no one-size-fits-all for POPI. Although we all have to comply with the same sections, the implementation will be very different.
ITWeb Events: What is the first question that most clients ask when engaging you in conversation on this subject?
Bure: Most organisations see compliance or regulatory projects as a grudge spend. The first instinct is therefore usually 'what is the minimum I have to do to comply?' and 'how can I do this without spending my valuable money?'
Fortunately, POPI allows us to create bespoke solutions for each client. Whilst we all need the basic artefacts in place, the subtle nuance of 'how' is as individual as each company is. It depends on where they are on their privacy journey, their systems, their processes, their value-chain.
ITWeb Events: Why did you say yes to presenting at the upcoming POPI Update II? What is it that you bring to the table and what do you want attendees to take away with them after your presentation?
Bure: I understand POPI. I understand what it is trying to achieve - and I like it!
Along with my team, we have implemented POPI in various organisations. These range from major banks, to a nursery school, government organisations and SMEs. We have helped many organisations plan, scope, spec and structure their POPI projects. We have trained hundreds of people ranging from executives to project team members. Our approach is practical, hands-on and no-nonsense. I am personally working in the field, implementing POPI on a day-to-day basis.
Why did I say yes? I want to make this journey as easy as possible for everyone. Doing it wrong can be painful for everyone involved. Doing it right can create a magnificent market differentiator and create a wonderful customer-centric environment. Some early adopters sell their POPI-readiness as a competitive advantage, using it to illustrate how much they care about their customers.
Share