The evolving data privacy regulatory landscape is transforming the way organisations and individuals think about the use and protection of personal information. The need to manage personal information in a secure and compliant way is greater than ever since the announcement that the Protection of Personal Information Act (“POPIA”) is effective from 1 July 2020. This is in addition to the already difficult business environment of protecting client data and the continued increase in the sophistication of cyber-crime.
The introduction of POPIA, the increasing level of regulatory action and the changing cyber threat landscape all drive an organisation’s privacy compliance requirements. On top of these risk and regulatory drivers, there are other factors that are forcing organisations to adapt and enhance their privacy practices - these include new technology, a greater focus on digital transformation and the changing public perception regarding the collection and use of personal information.
Considerations for business:
To minimize risks, and the amount of time it will take to meet new regulations, organizations first need to adopt a fresh mind-set on navigating the risk landscape. To accomplish this, the following should be considered:
1. Do I understand my organization’s privacy obligations and risks, and whether our compliance strategy is fit for purpose?
2. Am I making sound decisions and plans with regard to technology and business transformation initiatives involving personal information (e.g. customers and employees)?
3. Do I have a clear view of what personal information is being processed, where, by whom and for what purpose?
4. Am I confident in my organization’s ability to detect and manage a data breach effectively and timeously? Do I have confidence that our products, new ventures or acquisitions are privacy compliant?
5. Do I monitor both internal and third-party supplier compliance in respect of privacy and security?
6. How will proposed regulation (POPIA and GDPR) impact our enterprise operations and risk appetite?
For more information on KPMG's Privacy services, please contact us at email@example.com