Protection of personal information has always been a concern for many. For example, to ensure our bank PIN is protected when withdrawing money at an ATM, we often check around to see that no-one is within a close radius to see our bank PIN. We are also often advised to memorise our passwords instead of writing it down, as it may land up in the wrong hands and be used for malicious intent. There has never been a law to pressure us into doing this – it has always been voluntary. However, we have always tried and still try, to this day, to follow these tips because we see the value in protecting our personal information.
Governments all over the world have also seen the value in protecting personal information. So much so that they created laws to enforce it. As we know, in South Africa, the law that governs the protection of personal information is known as the Protection of Personal Information Act 4 of 2013 which is an enactment of Section 14 of the Constitution of South Africa.
We have heard many of our members and clients ask why, besides having to comply with the POPI requirements, it should be done? The feeling is one of frustration, as it is perceived as ‘just more regulation’ when, at the moment, the focus is to keep your business up and running and looking after your clients. These are good questions which we address in this newsletter.
Why should you comply with the POPI Act, other than the fact that it is a regulatory requirement?
At Masthead, we know that you care about long-term business sustainability and building long-term business value. We know that you also care about your family, clients, and employees. Therefore, the key reason to comply with the POPI Act is because it makes business sense.
You may be asking yourself the following questions:
- What additional benefits will POPI compliance bring to my business besides making it compliant with regulation?
- How does POPI compliance help my business remain profitable and sustainable?
- How does POPI compliance help my business retain its clients?
In this newsletter we will look at how POPI compliance ties into business planning and ultimately builds business profitability and sustainability, as well as client trust. We also look at why POPI compliance is more than just a regulatory requirement.
Business profitability and sustainability
Complying with the POPI Act is not about complying with the regulation, it is about building a long-term, solid business. One of the business strategies which will lead to this is making sure that your business processes and systems are set up to protect your clients’ personal information. When this is done, clients feel safe. Their experience with your business confirms that they can trust that your business, as far as it is in your power, is set up to keep them from harm e.g. employees will not negligently pass on their information. They can trust that your business is set up to keep them safe from cyber criminals being able to circumvent tried and trusted processes and gaining access to their information, which, for example, might lead to a payment into the wrong account, without verifying a new bank account number. Or, verifying that the withdrawal instruction meets all the requirements as per the business Operation Manual e.g. an electronic signature. Embedding these types of practices and processes, brings your business into the realm of Data Privacy Management. Data Privacy Management is about building long-term business sustainability because day-to-day activities are properly structured and constantly reviewed to protect clients’ personal information.
In a previous article we highlighted the impact of cybercrime on your business and clients and shared steps to avoid falling victim to cybercrime. If you missed the article, read it here.
We invite you to think about this, because, just as there are negative consequences for non-compliance with the POPI Act, there are positive consequences for complying. Therefore, when you think POPI compliance think long-term business sustainability and client trust. Adhering to the requirements and integrating Data Privacy Management as ‘business as usual’ may result in your business being the one that clients turn to and refer their family and friends to, to protect their personal information. This ultimately supports long-term business goals and objectives. According to an article published in the Daily Maverick, 85% of small businesses are discovered by customers due to word-of-mouth recommendations. The same article also indicated that 92% of consumers trust recommendations from friends and family (BigCommerce).
When was the last time you looked at your Business Plan? Have your business objectives changed due to the consequences of COVID-19? Have you relooked your SWOT Analysis recently? Not all businesses have gone back to the office, and if you fall into this category, are there specific risks to consider with employees still working remotely? Are there new weaknesses and/or threats to consider based on the increase in cybercrime in general, whether working from the office or working remotely? Have you considered the requirements of the POPI Act?
Having been in business for many years, our members know that effective business planning requires a holistic view of the business, taking into account all factors which may impact the business. This prepares the business for what may come its way, ensuring it remains profitable and sustainable despite any challenges.
In support of this, here are some interesting statistics related to business planning in the Australian IFA market:
It is always good to plan. If you fail to plan, you are planning to fail – Benjamin Franklin.
Masthead offers an informative business planning webinar which will help you develop a road map to follow to ensure the success and growth of your business. Find out more about this webinar.
Client trust and retention
As mentioned earlier, suitable and effective business processes and systems related to POPI compliance help to build a long-term, solid business and also client trust. Further to this, part of the business planning process includes implementing strategies, such as partnering with trusted Product Suppliers whose products match your clients’ needs and objectives in order to provide suitable financial planning solutions and retain clients. Without clients there is no business, so let us look at how POPI compliance is a key factor in building client trust and retention.
This also implies that clients do not necessarily want businesses to promise them that a breach will never occur. Instead, they want to see that businesses value and respect them. One way of doing this is by implementing policies and procedures which can help the business protect client data as best as possible e.g. ensuring all employees undergo Data Privacy Management training and awareness which takes into consideration Job Descriptions and discussing where breaches may occur. By doing this, the business ensures that a culture of protecting client personal information is instilled in the day-to-day work ethic. Consider adding specific clauses into Job Descriptions relating to the POPI Act requirements. Identify areas where data is kept which is not necessary e.g. CVs of unsuccessful candidates. Consider your Staff Recruitment and Selection Process – do you keep or shred unsuccessful candidates’ CVs?
Another way of doing this is by ensuring adequate security measures are implemented e.g. data encryption. Data encryption is particularly useful when sending personal information to a client via email. Participants in the PWC survey indicated that proactively encrypting all consumer information and company databases (38%) is part of the foundations of trust best practices.
From a recordkeeping perspective, please have employees sign acknowledgement that they have received and understand the actions to be taken in the event of a breach.
From the research one can see that there is clear link between client trust, POPI compliance and integration of Data Privacy Management. As we know, the more the clients trust the business the more likely they will stay with the business and possibly refer colleagues, friends and family. According to an article by Elizabeth Akass based on insight from the Edelman Trust Barometer, three quarters of the people in their database say that they actively recommend a business they trust. The article goes on to say, customers who trust you are more likely to engage with, buy from, advocate for, and defend you. We have always known that client trust is important. But what we want to highlight is that the actions needed to create client trust and retention, overlap the requirements of the POPI Act.
We trust that this article has provided you with insight into how effective business planning supports POPI compliance which in turn supports client trust and retention. As we have discussed POPI compliance has a direct effect on the business reputation and client trust, which are key components in achieving business planning objectives such as client growth and business sustainability. Without clients there is no business. 40% of consumers globally would pay more to do business with an organisation that is committed to protecting their personal data (OpenText, 2020). We therefore encourage you to look at the benefits of becoming POPI compliant, by including it as a Key Strategic Indicator in your business planning process.
We would also like to keep track of what is happening in your world. Please feel free to share your positive stories, as well as your challenges, so we can explore ways to support you during the coming months. You can email us at email@example.com