With these latest developments, it is quite astonishing to observe the increased and sudden spark of interest across various industries.
Finally, organisations have the proposed piece of legislation (POPI) on their doorstep and cannot allow themselves to persist in postponing remediation efforts.
From our experience, it can take moderate to large organisations anything between 4 and 12 months to conduct a Privacy Gap Analysis, sometimes also loosely referred to as a Privacy Impact Assessment (although this term should ideally be associated with internal efforts).
The subsequent remediation effort (depending on the findings) can take anything between 6 months and 3 years and is an ongoing process. I am therefore sometimes amazed to see how some large organisations are still downplaying POPI - the impact it will have on their processes and their way of doing business going forward - by continuing to stall the process of embarking on a POPI project.
Most companies are oblivious to the fact that POPI has far-reaching effects on almost every aspect of their business (Legal & Compliance, HR, Information Governance, CRM, Information Security, Records Management etc.) and that non-compliance could have dire consequences, not just from a regulatory perspective, but even more so from a reputational perspective.
One-man operators as well as SMMEs should also familiarise themselves with the workings of POPI. Too much emphasis is sometimes placed on the larger organisations, and it would seem that an insignificant number of smaller entities have studied the impact of POPI on their own dealings and day-to-day operations.
An ineffective Regulator (which I doubt) will not halt civil remedies offered to the public, and organisations and SMMEs alike are well advised not to underestimate the prowess and awareness of current-day consumers and customers.
Remember, you can have security without privacy, but you cannot have privacy without security.
Receiving only security (physical and IT) consulting on your systems and operations, or obtaining purely legal advice, will therefore prove futile. A comprehensive data protection analysis, encompassing a balanced approach with a thorough understanding of POPI and the organisational environment it affects, should in our opinion be considered.
Download a copy of the final draft of POPI here.