Page 28 - EngineerIT August 2022 Digital

PoPIA



business processes because they fear legal retribution. In so doing, they fall foul of their own legal requirements because of other legislative influences that affect their business. In both cases, the over and under-engineering of business processes have negative consequences that a simple understanding of POPIA could avoid.

Rather than lay out a series of strict steps resulting in a “one size fits all” approach, POPIA outlines general considerations in the act and special reference here applies to Chapter 8, part B from section 26 – 33, where the processing of special personal information applies.

At Contactable, we have seen companies take POPIA to extreme measures such that all data is totally anonymised internally and a back office can no longer resolve a client query because they cannot ascertain who the client is. Alternatively, we receive requests to delete all personal information immediately after processing it, to avoid any unnecessary exposure to data stores. However, a few months later the client is back on our doorstep asking us to undo this request as they can no longer support their customer queries due to a lack of access to data. In all instances, the understanding of POPIA and the true risk is key to determining the best use of personal information. Your business needs access to some personal information in order to transact and has a right to such data. For example, a car dealership can ask for someone’s ID number or credit record - how else will they secure a loan from a bank, process the car registration or be able to comply with relevant legislation? You take on a certain level of risk based on the transaction’s context. In this case, the dealership needs processes that safely handle personal information related to a vehicle sale. It doesn’t have to do more than that but it certainly cannot afford to do less than that.

Context matters, fit for purpose processing matters, CONSENT matters and learning to balance the legal requirements of POPIA with the customer experience is imperative to remain competitive in an ever-changing legal landscape.

If you try and comply with every conceivable private data risk, you damage your ability to transact. On the other hand, if you do not comply with POPIA and other relevant legislation, you might face fines and brand damage. But if you have a clear sense of what type of data you need and why, you can create a balance between laws such as POPIA and the requirement for your business to use personal information in order to transact with your clients.

Don’t fall into the trap where you over-engineer processes out of fear or a wish to mitigate all risks. A blanket approach will not work - every business is different. Fortunately, POPIA gives you the space to determine your data privacy policy and destiny.





















































