Improving Business Processes With PoPI

At the same time this brought about an increase in security gaps as there was an accelerated need to move to a digital way of working. “Even with Stats South Africa finding that fewer people are working from home this quarter as opposed to the last, what this development has done is provide companies with the ideal opportunity to align organisational governance to PoPI,” says Lize Kloppers, Senior Business Analyst at Bizmod Consulting.

PoPI impacts organisations holistically, simply because personal information is embedded in any organisation that provides services or products or a combination thereof to customers; utilises third parties and employs individuals. From a customer perspective it impacts the way organisations communicate with, market to, and provide credit to customers. From an employee perspective it touches on how employees are recruited, assessed, onboarded as well as offboarded – incorporating the full employee journey. From a third-party perspective it impacts suppliers, vendors, and procurement.

Kloppers says that as the PoPI deadline looms one of the greatest challenges still facing many organisations is adjusting their policies to align with PoPI requirements and then being able to translate these into processes that are practical and understood by employees. Kloppers advises organisations to:

• obtain a view of how this is currently being done,
• highlight risks from a PoPI perspective,
• designing / adjusting to-be processes to be future-fit and flexible,
• staying mindful of the organisation’s business context,
• obtaining the buy-in from all relevant internal stakeholders, and
• most importantly, making sure that it works for the organisation as a whole.

“This process can be challenging yet rewarding as it forces a new way of thinking and highlights gaps where alignment is missing.  It also inadvertently presents any breaks in system integration and creates opportunities for integration and simplification,” says Kloppers.

She says that privacy by design has become important for organisations when implementing policies and processes as well as governance measures to meet PoPI requirements. A suitably designed and implemented Privacy Operating Model gives clear accountability, ensuring organisations meet governance requirements while empowering employees. Change management and associated training is another important element in the process to help employees understand what their role is and how and where their individual actions affect the process, as well as how their own personal information is being used by the organisation.

Kloppers concludes, “It is imperative, if they haven’t done so already, that all organisations rethink the way personal information is handled, keeping in mind and being true to the spirit and intent of the Act, which is to protect personal information, to strike a balance between the right to privacy and the need for the free flow of, and access to information, and to regulate how personal information is processed.”

Visit Bizmod’s website for more information.