With POPIA going live on July 1, here’s why organisations should embrace privacy laws

Andrew Bourne is the regional manager: Africa at Zoho Corporation. Photo supplied

Andrew Bourne is the regional manager: Africa at Zoho Corporation. Photo supplied

Published Jun 28, 2021


Andrew Bourne

NEW survey findings show that local data privacy laws positively affect business, helping organisations to mitigate risks, improve trust and protect their customers’ data better.

With only a few days left before the Protection of Personal Information Act (POPIA) takes effect, most businesses are implementing compliance strategies. If your company has not begun the compliance process in view of increased complexities or budget gaps, the only solution is to start right away. Notwithstanding short-term hiccups such as compliance costs and directional changes in marketing strategies, privacy regulations benefit companies in the long run. They increase customer confidence, maintain and uplift brand value and, most importantly, decrease the likelihood of a data breach.

Evidence of benefits

According to a new survey conducted by WorldWideWorx and commissioned by Zoho to understand the state of data privacy in Africa, an overwhelming 81% of South African businesses state that regional data privacy protection laws have had either no effect or a very positive effect on their business operations. This is true, and we have seen this happen earlier with other previously instituted regulations such as the GDPR. In fact, a 2019 Cisco report found that GDPR-compliant organisations eventually saw numerous benefits, including streamlined business processes, increased sales and increased investor appeal.

Proven compliance with a state law also increases brand credibility automatically. Awareness about aggressive data harvesting and reselling is increasing, and end users are today privy to the nefarious ways in which data-dependent companies monetise and use their information. Privacy-conscious consumers — a rapidly growing demographic — want an explicit assurance that the companies they trust their data with will protect them against misuse and breaches. We even saw privacy taking centre stage during the recent Apple Worldwide Developers Conference 2021, which further shows that data confidentiality practices are becoming integral to business longevity and trustworthiness.

Knowing that a company adheres to local privacy laws organically improves a customer’s willingness to share their data without mistrust, and increases the chances of retention and referrals.

Overcoming bottlenecks

Complexities are inevitable. Our survey, for instance, reveals that 34% of South African businesses report an increased cost of governance because of privacy laws, while 30% are concerned that the legal mandates will directly affect their marketing programmes. A lesser but still significant 28% state a general difficulty in navigating the intricacies of the overall compliance process.

In terms of overheads, compliance processes typically affect small and medium businesses the most, because mandates, such as appointing a privacy/information officer, can demand extra budgetary allocations. Then there’s the expenses that come with taking expert legal counsel to comprehend the regulatory requirements better. But it’s important to look at the costs as inherent to going digital.

Today, most businesses already spend hundreds of thousands of rands implementing digital systems to improve business efficiency. It is similarly crucial for organisations to make room in their IT budgets for steps such as appointing an in-house privacy officer or getting external consultation. These measures will help to have a clear understanding of privacy and security laws such as POPIA and build a robust digital framework that’s flexible enough to accommodate newer processes when fresh laws crop up across regions.

On the other hand, an effectiveness drop in marketing campaigns will be acutely felt only by organisations that are heavily dependent on third-party ad platforms for their revenue, as POPIA regulates “consent management” for such practices.

The law requires that businesses inform consumers beforehand about every single point of data collection/tracking and request consent. This includes the passive data gathering by third-party trackers and ad platforms that are employed by businesses for marketing purposes.

When given a choice to opt in or out of being tracked by unknown third parties, consumers will largely choose not to consent. However, this change brought forth by POPIA poses more of a moral decision than a marketing challenge for businesses; it pushes them to choose between unaffected sales targets or protecting customer data. Organisations that make the right choice have a greater chance of staying relevant for the longer term.

Embracing the positives

Not only does compliance strengthen data protection, erase the risk of arrests and fines, and greatly reduce the risk of reputational damage in the event of a breach, it also questions business ethics, entrenches customer trust and improves operational efficiency. Privacy laws are, in other words, not something to be resisted but embraced.

Andrew Bourne is the regional manager: Africa at Zoho Corporation.

* The views expressed here are not necessarily those of IOL or of title sites.


Related Topics:

company spin-off