Last week, we spoke about Data Governance as an enabler for GDPR Compliance at the 2018 ITWeb GDPR Update.

Six months after GDPR was introduced many organisations are still not compliant, with data management implementation and automation listed as major concerns.

A McKinsey survey suggests that many companies put stopgap measures in place to meet May 2017 dead lines, and are now having to deal with the consequences of making those solutions permanent, scalable, and effective.

GDPR compliance helps with PoPIA compliance

In South Africa, companies must also comply with the Protection of Personal Information Act (PoPIA) which, fortunately, shares many requirements with GDPR.

This means that automated capabilities to deal with GDPR should be reusable (or easily adapted) to comply with PoPIA

What is the PoPIA Accelerator?

Our PoPIA accelerator provides an extended data management capability that includes specific PoPIA-related roles, responsibilities, workflows, reports and information.

The operating model is a data governance capability that automates key PoPIA related tasks including key stakeholders via out of the box workflows. The asset model defines the data management artifacts and relationships that must be tracked in order to demonstrate PoPIA compliance.

Why leverage our PoPIA Accelerator?

Each company is unique and has its own business model, data landscape and risk landscape.

PoPIA compliance requires the flexibility to allow you, and your business, to adapt any framework to meet your needs, while ensuring governance.

Core to Data Governance are the concepts of Accountability and Documentation – ensuring these fundamental principles are delivered from day one.

Our approach facilitates a top-down and iterative approach to compliance – allowing you to start with priority (high-risk) ecosystems and achieve quick wins e.g.

• linking critical business processes and processing limitations;
• then relating critical systems to the above,
• then relating critical data elements to these systems, etc.

One can solve smaller, high-priority problems one at a time whilst always building the total picture.

Getting started is easy:

• Identify stakeholders and clarify their roles and responsibilities.
• Inventory how data moves across and beyond your organization.
• Assess what data and processes pose risk to the rights of the data subject.
• Put controls and safeguards in place to address those risks.

Data governance is data protection

To implement data protections that will drive real business value, you will need an end-to-end understanding of how data is captured, transformed, held, and destroyed. The Collibra enterprise data governance solution can help you put a framework in place to understand what data you have, where to find it, and who is accountable for it

Leverage  the governance work you are already doing

At the end of the day, GDPR (and PoPIA) are about data.

This does not mean that you should not get legal advice to ensure compliance – legal advice must drive your implementation efforts and define your success criteria.

However, the foundation of both acts is the need to take responsibility for ensuring that data is used in the interests of the data subject, and that data is used for its intended business purpose.

The PoPIA Accelerator is about your company’s data, business processes and associated processing activities and systems.

Gain a better understanding of your data

The Accelerator supports you in the goal of documenting and understanding your personal data landscape – in the case of PoPIA all data related to customers, prospects, employees and suppliers.

It helps you to understand what the key business processes are that use customer data, where that data is stored, and how data moves between systems and geographies in order to support each process.

Over time, using the Accelerator will help you to build up a complete picture of personal data in your environment, along with a matrix of stakeholders that must be engaged to understand impact and to make decisions. This is, in my opinion, the true opportunity of PoPIA compliance

The opportunity of GDPR

It is tempting to view GDPR and PoPIA as yet another compliance problem.

Very few companies have a the sound understanding of personal data that allows them to properly understand their customer, employee, or supplier.

For most companies, the task is daunting. With the right use of technology PoPIA can be an opportunity to gain a tremendous advantage.