With POPIA going live on July 1, here's why organisations should embrace privacy laws

Andrew Bourne

By Andrew Bourne, Regional Manager – Africa, Zoho Corporation

New survey findings show that local data privacy laws positively affect business, helping organisations mitigate risks, improve trust and protect their customers’ data better.

With just a day left for South Africa’s Protection of Personal Information Act (POPIA) to take effect, most businesses are busy implementing compliance strategies. If your company hasn’t yet begun the compliance process in view of increased complexities or budget gaps, the only solution is to start right away. Notwithstanding short-term hiccups like compliance costs and directional changes in marketing strategies, privacy regulations benefit companies in the long run. They increase customer confidence, maintain and uplift brand value, and most importantly, decrease the likelihood of a data breach.    

Evidence of benefits

According to a new survey carried out by WorldWideWorx and commissioned by Zoho to understand the state of data privacy in Africa, an overwhelming 81% of South African businesses state that regional data privacy protection laws have had either no effect or a very positive effect on their business operations. This is true, and we have seen this happen earlier with other previously instituted regulations like the GDPR. In fact, a 2019 Cisco report found that GDPR-compliant organisations eventually saw numerous benefits, including streamlined business processes, increased sales, and increased investor appeal.

Proven compliance with a state law also increases brand credibility automatically. Awareness about aggressive data harvesting and reselling is increasing, and end users are today privy to the nefarious ways in which data-dependent companies monetize and use their information. Privacy-conscious consumers—a rapidly growing demographic, want an explicit assurance that the companies they trust their data with will protect them against misuse and breaches. We even saw privacy taking centre stage during the recent Apple WWDC 2021, which further shows that data confidentiality practices are becoming integral to business longevity and trustworthiness.  

Knowing that a company adheres to local privacy laws organically improves a customer’s willingness to share their data without mistrust and also increases the chances of retention and referrals.

Overcoming bottlenecks

Complexities are inevitable. Our survey, for instance, reveals that 34% of SA businesses report an increased cost of governance due to privacy laws while 30% are concerned that the legal mandates will directly affect their marketing programs. A lesser but still significant 28% state a general difficulty in navigating the intricacies of the overall compliance process.

In terms of overheads, compliance processes typically affect small and medium businesses the most since mandates like appointing a privacy/information officer can demand extra budgetary allocations; then there’s the expenses that come with taking expert legal counsel to better comprehend the regulatory requirements. But it’s important to look at the costs as inherent to going digital. Today, most businesses already spend hundreds of thousands implementing digital systems to improve business efficiency. It is similarly crucial for organisations to make room in their IT budgets for steps such as appointing an in-house privacy officer or getting external consultation. These measures will help to have a clear understanding of privacy and security laws like the POPIA and build a robust digital framework that’s flexible enough to accommodate newer processes when fresh laws crop up across regions.

On the other hand, an effectiveness drop in marketing campaigns will be acutely felt only by organisations that are heavily dependent on third-party ad platforms for their revenue, as the POPIA regulates ‘consent management’ for such practices. The law requires that businesses inform consumers beforehand about every single point of data collection/tracking and request consent. This also includes the passive data gathering by third-party trackers and ad platforms that are employed by businesses for marketing purposes. When given a choice to opt-in or -out of getting tracked by unknown third-parties, consumers will largely choose not to consent. However, this change brought forth by POPIA poses more of a moral decision than a marketing challenge for businesses; it pushes them to choose between unaffected sales targets or protecting customer data. Organisations that make the right choice have a greater chance of staying relevant for the longer term.

Embracing the positives

Not only does compliance strengthen data protection, erase the risk of arrests and fines, and greatly reduce the risk of reputational damage in the event of a breach, it also questions business ethics, entrenches customer trust and improves operational efficiency. Privacy laws are, in other words, not something to be resisted but embraced.

Visit the official COVID-19 government website to stay informed: sacoronavirus.co.za