The seven elements of POPI governance

Read time 2min 30sec
South African companies' interest in POPI governance is high, says Russell Opland, an independent consultant and privacy advisor.
South African companies' interest in POPI governance is high, says Russell Opland, an independent consultant and privacy advisor.

The major components of a successful privacy programme will be highlighted at ITWeb's 2015 GRC event, which will take place at The Forum, Bryanston, in February.

Among the speakers at the event is independent consultant and privacy advisor, Russell Opland, who has 10 years of experience leading large privacy programmes in the US, and is a subject matter expert on privacy and information security.

"No one in South Africa has experience with active privacy laws, regulations and active enforcement by regulators. Organisations are essentially developing privacy programmes in the dark, with the law as a framework. This does not translate well to business operations," says Opland.

"Practical experience from overseas regulators gives us very clear insights into what regulators, globally, expect of organisations, and hence, what we can anticipate from regulators locally. These insights shed light on how to operationalise privacy, and reduce organisational risk.

He will also discuss the seven elements of effective POPI governance during the GRC conference. "South African companies' interest in POPI governance is high in terms of wanting to understand the impact on business. However, commitment in general is relatively low in terms of executive sponsorship and budgeting... Various factors are at play here, including the state of the economy, absence of an effective date for the bulk of the law, and the perceptions of government and governance."

The primary governance objective, and how it delivers value, is vital to know, says Gary Hardy, owner of ITWinners. Globally recognised as an expert in IT governance, Hardy specialises in how IT can be better managed to deliver value, minimise risk and ensure alignment with real business needs.

"There is still an immature approach in most enterprises regarding the governance and management of IT in South Africa, though it is the only country to have a corporate governance code highlighting IT, and the only country whose government has made IT governance a national policy. King III and the government's DPSA policy and guidelines emphasise the importance of IT governance in South Africa. They emphasise the importance of IT as a strategic enabler and the need to manage IT-related risks if South African entities are to be successful," says Hardy.

As businesses worldwide are striving to achieve better corporate governance and effective measurement and management of risk, it is imperative to understand key areas in the field. The ITWeb Governance, Risk and Compliance conference will provide attendees with insight into achieving greater efficiency and success through applied strategies and technology.

Click here to find out more and register your interest in attending.

See also