We regularly find, at an initial consultation in respect of POPIA compliance, that clients are sceptical when we advise them that there is a lot of work to be done. The observation is often that, because their IT systems are continuously updated and very secure, the compliance box has been ticked.
This is a dangerous misconception. Sound IT security is an important part of meeting POPIA's goals, but it represents only one layer in the safety net that the Act prescribes for safeguarding personal information. The ideal scenario for achieving compliance is one where the business owners appreciate that POPIA is not an IT problem, but a people challenge. The majority of information risks occur at the hands of uninformed employees.
That is why POPIA compliance specialists do not sell one-size-fits-all solutions. The emphasis falls rather on guiding the business owner to embrace the governance changes that complying with POPIA requires within his or her individual business, and on ensuring that the protection of personal information becomes the client’s usual way of doing business. This is achieved, on the one hand, by securing buy-in from the business’s management team and, on the other, by upskilling employees through training and skills development.
This is our second instalment on the misconceptions regarding POPIA and compliance. If you missed the previous instalment, read the Thought of the Week, "POPI IS FOR BIG BUSINESSES TO WORRY ABOUT", and the blog post, "YOUR BUSINESS AND POPIA".
Contact us should you have enquiries or need assistance complying with POPIA at firstname.lastname@example.org