
When you think of POPI Compliance and Data Privacy Management, think of business sustainability & ...

Posted on 12 Apr 2021

Protection of personal information has always been a concern for many. For example, to ensure our bank PIN is protected when withdrawing money at an ATM, we often check around to see that no-one is close enough to see it. We are also often advised to memorise our passwords instead of writing them down, as a written password may end up in the wrong hands and be used with malicious intent. There has never been a law to pressure us into doing this – it has always been voluntary. However, we have always tried, and still try to this day, to follow these tips because we see the value in protecting our personal information.

Governments all over the world have also seen the value in protecting personal information. So much so that they created laws to enforce it. As we know, in South Africa, the law that governs the protection of personal information is known as the Protection of Personal Information Act 4 of 2013 which is an enactment of Section 14 of the Constitution of South Africa.

Many of our members and clients have asked us why, beyond the fact that the POPI requirements must be complied with, POPI compliance is worth doing. The feeling is one of frustration, as it is perceived as ‘just more regulation’ at a time when the focus is on keeping your business up and running and looking after your clients. These are good questions, which we address in this newsletter.

Why should you comply with the POPI Act, other than the fact that it is a regulatory requirement?

At Masthead, we know that you care about long-term business sustainability and building long-term business value. We know that you also care about your family, clients, and employees. Therefore, the key reason to comply with the POPI Act is because it makes business sense.

You may be asking yourself the following questions: 

  1. What additional benefits will POPI compliance bring to my business besides making it compliant with regulation?
  2. How does POPI compliance help my business remain profitable and sustainable?
  3. How does POPI compliance help my business retain its clients?

In this newsletter we will look at how POPI compliance ties into business planning and ultimately builds business profitability and sustainability, as well as client trust. We also look at why POPI compliance is more than just a regulatory requirement.

Business profitability and sustainability

Complying with the POPI Act is not only about complying with the regulation; it is about building a long-term, solid business. One of the business strategies that leads to this is making sure that your business processes and systems are set up to protect your clients’ personal information. When this is done, clients feel safe. Their experience with your business confirms that they can trust that your business, as far as it is in your power, is set up to keep them from harm, e.g. employees will not negligently pass on their information. They can trust that your business is set up so that cyber criminals cannot circumvent tried and trusted processes and gain access to their information, which, for example, might otherwise lead to a payment into the wrong account because a new bank account number was not verified. The same applies to verifying that a withdrawal instruction meets all the requirements of the business Operations Manual, e.g. an electronic signature. Embedding these types of practices and processes brings your business into the realm of Data Privacy Management. Data Privacy Management is about building long-term business sustainability, because day-to-day activities are properly structured and constantly reviewed to protect clients’ personal information.

In a previous article we highlighted the impact of cybercrime on your business and clients and shared steps to avoid falling victim to cybercrime. If you missed the article, read it here.

We invite you to think about this, because, just as there are negative consequences for non-compliance with the POPI Act, there are positive consequences for complying. Therefore, when you think POPI compliance, think long-term business sustainability and client trust. Adhering to the requirements and integrating Data Privacy Management as ‘business as usual’ may result in your business being the one that clients turn to, and refer their family and friends to, to protect their personal information. This ultimately supports long-term business goals and objectives. According to an article published in the Daily Maverick, 85% of small businesses are discovered by customers through word-of-mouth recommendations. The same article also indicated that 92% of consumers trust recommendations from friends and family (BigCommerce).

When was the last time you looked at your Business Plan? Have your business objectives changed due to the consequences of COVID-19? Have you revisited your SWOT Analysis recently? Not all businesses have gone back to the office, and if you fall into this category, are there specific risks to consider with employees still working remotely? Are there new weaknesses and/or threats to consider based on the general increase in cybercrime, whether working from the office or working remotely? Have you considered the requirements of the POPI Act?

Having been in business for many years, our members know that effective business planning requires a holistic view of the business, taking into account all factors which may impact the business. This prepares the business for what may come its way, ensuring it remains profitable and sustainable despite any challenges.

In support of this, here are some interesting statistics related to business planning in the Australian IFA market:

It is always good to plan. If you fail to plan, you are planning to fail – Benjamin Franklin.

Masthead offers an informative business planning webinar which will help you develop a road map to follow to ensure the success and growth of your business. Find out more about this webinar.

Client trust and retention

As mentioned earlier, suitable and effective business processes and systems related to POPI compliance help to build a long-term, solid business and also client trust. Further to this, part of the business planning process includes implementing strategies, such as partnering with trusted Product Suppliers whose products match your clients’ needs and objectives in order to provide suitable financial planning solutions and retain clients. Without clients there is no business, so let us look at how POPI compliance is a key factor in building client trust and retention.

Many clients’ awareness of the POPI Act has increased, and many may have been victims of a data breach, e.g. if their personal information was held by Experian, Momentum, ABSA, or Liberty. As a result, you will find that clients are beginning to ask more data privacy-related questions. For example: why do you need a credit reference when the financial solution is life cover? Is it really necessary to establish affordability? Who else will have access to my information? How will you secure my personal information? In this instance the business can use its Privacy Policy Statement to answer these questions.

For a list of the types of activities you should consider when moving toward POPI compliance, including drafting a Standard Privacy Policy Statement, read POPI Act compliance: Are you ready for 1 July 2021?

A Privacy Policy Statement is not a requirement of the POPI Act, but it can be used to gain client trust, as it contains information about how personal information is processed and shared. According to the PWC Consumer Intelligence Series, Trusted Tech survey, transparency about a company’s use of consumer data, and transparency about whether and how that data is shared, were cited as crucial policies.

This also implies that clients do not necessarily want businesses to promise them that a breach will never occur. Instead, they want to see that businesses value and respect them. One way of doing this is by implementing policies and procedures which help the business protect client data as well as possible, e.g. ensuring all employees undergo Data Privacy Management training and awareness that takes their Job Descriptions into consideration and discusses where breaches may occur. By doing this, the business ensures that a culture of protecting client personal information is instilled in the day-to-day work ethic. Consider adding specific clauses relating to the POPI Act requirements to Job Descriptions. Identify areas where data is kept that is not necessary, e.g. CVs of unsuccessful candidates. Consider your Staff Recruitment and Selection Process – do you keep or shred unsuccessful candidates’ CVs?

Another way of doing this is by ensuring adequate security measures are implemented, e.g. data encryption. Data encryption is particularly useful when sending personal information to a client via email. Participants in the PWC survey indicated that proactively encrypting all consumer information and company databases (38%) is part of the foundations of trust best practices.

44% of consumers in the PWC survey call ‘transparency and quick action after a breach’ important steps when it comes to building or rebuilding trust. This identifies the clear link between client trust and POPI-related activities, e.g. a Privacy Policy Statement and a data privacy incident/breach response plan. What is important to remember, however, is to ensure a quick response, which means all employees must be trained to identify a breach so that they can report it immediately. A key element is training employees on the incident/breach response plan, i.e. the steps required from them to activate the plan should a breach occur.

From a recordkeeping perspective, please have employees sign an acknowledgement that they have received and understand the actions to be taken in the event of a breach.

From the research one can see that there is a clear link between client trust, POPI compliance and the integration of Data Privacy Management. As we know, the more clients trust the business, the more likely they are to stay with the business and possibly refer colleagues, friends and family. According to an article by Elizabeth Akass based on insight from the Edelman Trust Barometer, three quarters of the people in their database say that they actively recommend a business they trust. The article goes on to say that customers who trust you are more likely to engage with, buy from, advocate for, and defend you. We have always known that client trust is important. But what we want to highlight is that the actions needed to create client trust and retention overlap with the requirements of the POPI Act.

We trust that this article has provided you with insight into how effective business planning supports POPI compliance, which in turn supports client trust and retention. As we have discussed, POPI compliance has a direct effect on business reputation and client trust, which are key components in achieving business planning objectives such as client growth and business sustainability. Without clients there is no business. 40% of consumers globally would pay more to do business with an organisation that is committed to protecting their personal data (OpenText, 2020). We therefore encourage you to look at the benefits of becoming POPI compliant by including it as a Key Strategic Indicator in your business planning process.
