In South Africa, the Protection of Personal Information Act (POPI), promulgated on 23 November 2013, will come into effect next year, while in Europe the General Data Protection Regulation (GDPR) entered law in May. The grace period for POPI is expected to end after that of the GDPR, which ends in May 2018. Expectations are that organisations might focus on complying with the latter first. However, the lessons learnt in this approach can be applied to POPI compliance. The essence of both these regulatory frameworks (and others throughout the world) comes down to changing the way organisations interact with and store personal data.
This evolving environment means that companies, especially those that are information-rich when it comes to customer data, must carefully scrutinise what they need to do to remain compliant. Failure to do so will not only result in significant financial fines but also lead to reputational damage that is difficult to recover from. A customer who does not trust how you protect their personal information is likely to move to another service provider.
Nowhere is this pressure felt more acutely than in the insurance sector. Gaining insights from customer data to develop customised solutions is fundamental to the success of an insurer in the digital age. Not being able to do it effectively, because of systems that are not compliant, will risk the organisation losing ground to competitors.
A new business environment
Governance is not a new thing; organisations have had to continuously adapt and adopt changes to regulatory, legal, and compliance parameters. What is different with the likes of POPI and the GDPR is the intense focus placed on personal data.
Over the past few years, organisations across industry sectors have increased efforts to leverage the data they have and use it to garner fresh insights on customer requirements. Thanks to the growth of virtualisation, cloud computing, and machine learning, many of the administrative-heavy functions have been automated (to some extent), leaving an opportunity to analyse data more effectively.
This newly evolved business environment sees better attention placed on how an organisation, such as an insurer, can best tailor its services and product offerings to meet the more diversified needs of the connected customer. By default, this means the wealth of data being generated and collected through a myriad of input channels such as social media, emails, and online forms and chats can be analysed in real time.
Despite the benefits gained from this analytical approach, care must be taken in the way that data is stored, used, and shared, which must be aligned with regulatory requirements, i.e. permission from the data subject as well as the organisation.
This has affected the refinement of analytical solutions that factor in compliance parameters and still provide the insights needed to enable business growth.
Solution providers best able to manage POPI and GDPR together with other regulatory requirements will be best positioned to provide enhanced, analytical solutions to organisations. This aims to ensure that organisations making use of these solutions have peace of mind that the data analytics provided is compliant and ‘clean’.
POPI compliance creates an awareness of how data is stored and used. But even though all parties involved in the process are accountable for POPI compliance, there is an awareness of the need to have deeper and more trusted relationships between them. Because of this, both the client and the service provider will drive improvements in the organisational bottom-line.
By Kelly Preston, Data Analytics Manager, and Angelique Strumpher, Administration Manager for Business Process Outsourcing at SilverBridge