Focusing on data compliance

March 1st, 2018, Published in Articles: PositionIT

Data compliance is an important facet of any business today. For companies relying on customer data for product distribution and development of better solutions, meeting the requirements of personal data protection regulation is critical.

Angelique Strumpher

Angelique Strumpher

Technology makes it easy to access, collect, and process high volumes of personal and company data at high speeds. This information could be sold and used for further processing. In the wrong hands this could create irreparable harm to individuals and companies.

As an individual or an organisation, people want access to platforms which includes the right to privacy and protection of personal information in terms of the data footprint that they leave behind.

To protect the right to privacy and to avoid the abuse of personal information, data protection legislation was needed, and the Protection of Personal Information (PoPI) Act 4 of 2013 was promulgated. The implementation of the POPI Act is a reality for service providers and consumers alike. Every entity that collects, stores, and modifies information must comply with the conditions required for the lawful processing of that data.

Understanding your role in the PoPI process is critical in understanding your rights and obligations in terms of compliance:

  • All entities (natural persons and organisations) are “data subjects” and are afforded the right to protection of personal information.
  • As a provider of either goods and services or both, a company or organisation is considered a “responsible party”.
  • A “responsible party” is obligated to protect the personal information of its customers, employees, suppliers, vendors, service providers and business partners; in other words, all data subjects across all business touch points.

At any given time, an employee could be both a data subject and a responsible party.

A company that is seen to be taking all the necessary precautions to protect their customer data, respect the rights of their clients and the use of data as consented, will have a competitive advantage, especially with the rise of tech startups offering consumers more nuanced solutions.

Financial services in particular should pay special attention. The Financial Services Board along with the FAIS Ombudsman are more than ready to fine and suspend an FSP license if they are found to have stepped outside of the law by misusing customer data for their own personal gain without the consent or knowledge of that customer, or have failed to protect sensitive information. It must be noted that as a “responsible institution” under FICA (Financial Intelligence Centre Act) a company is obligated by law to report transactions that fall within the ambit of this act to the FIC (Financial Intelligence Centre).

Global changes

The European Union is in the process of implementing the General Data Protection Regulation (GDPR) which will become effective in May 2018. With the threat of fines up to €20-million or 4% of annual global turnover if found to be in breach of GDPR, companies are under immense pressure to re-evaluate measures to strengthen data protection for their customers.

Closer to home, Microsoft will soon be opening two Azure data centres in South Africa (Johannesburg and Cape Town) focused around delivering cloud offerings to the continent. Once launched, this will drive renewed interest around data sovereignty and adhering to a constantly evolving regulatory environment. This creates opportunities for companies to embrace a digital culture by providing customers with more enhanced and bespoke local services.

Prioritising data

Businesses understand the competitive advantage of data. It is therefore imperative that their data is secure, protected, and used in a manner that complies with regulatory requirements. The analysis of data to better understand customer behaviour to develop customised solutions is key in ensuring that data use mutually benefits both the company and the customer. Technology and product development should be aligned to ensure data compliance when implementing solutions.

The secret is finding the right balance between data integrity, data use and analysis, and data compliance to strategically drive profitability.

Send your comments to