RSM South Africa

The aftermath of Storm GDPR

aftermath_gdpr.png

WHAT HAS BEEN THE IMPACT ON MIDDLE MARKET BUSINESSES IN THE AFTERMATH OF ‘STORM GDPR?

The adoption of data protection principles across the African continent is still in its infancy  and consequently most organisations were not fully compliant with the GDPR when it came into effect on 25 May 2018. Countries in Africa which have their own privacy legislation, such as the Protection of Personal Information Act (POPIA) in South Africa, had a higher awareness level of the GDPR due to the shared privacy principles.

Organisations in the financial services industry placed a high priority on regulatory compliance which included privacy regulations and as a result these organisations were more likely to be fully compliant. Organisations in industries such as manufacturing and fast-moving consumer goods however, had a slower road to compliance due to a knowledge gap in GDPR awareness and more specifically the impact, both short and long term, that the privacy regulation would have on their businesses.

Post 25 May 2018, it became clear that being compliant to multiple data privacy regulations was one of the biggest challenges facing multinational organisations in Africa. Organisations quickly realised the lengthy timelines and specific expertise which is required in order to achieve compliance and privacy maturity.

This realisation resulted in our clients seeking our expertise in this area to assist them with the GDPR and data protection gap analyses and readiness assessments as well as remediation consulting.

WHICH OF THE GDPR PRINCIPLES HAVE BEEN MOST CHALLENGING FOR BUSINESSES?

In addition to the challenge of encountering multiple privacy regulation requirements, organisations had difficulty in personal information collection and purpose limitation due to a knowledge gap in their personal information processing activities. This was further compounded by a lack of adequate organisational and technical security measures around the personal information which they processed.

After all, you can’t protect what you don’t know is in your possession!

GDPR AND FINDING OPPORTUNITY IN CHANGE

The road to data protection and GDPR compliance is an incredibly collaborative one and works across the enterprise. From our privacy work with organisations, we have noticed that privacy has now become a key risk management issue which is always on the C-suite discussion table. In addition, their privacy compliance efforts have helped them secure new business relationships as organisations and investors are making a move to only transacting with businesses which have appropriate data protection mechanisms established.

WHAT IS ON THE HORIZON FOR DATA PROTECTION?

The increasing maturity of the global privacy landscape has and will continue to be a major business disruptor for organisations. There is going to be an increased focus on not just privacy impact assessments but embedding privacy in the culture of the organisation to ensure that data protection becomes a key pillar of the way businesses operate.

Thilen Pillay

Regional Divisional Director | Risk Advisory

Authors

Thilen Pillay
Regional Divisional Director