POPIA, your business, third-party engagements and privacy laws relation explained

The POPI Act is set to take effect on July 1. However, with 78% of South African businesses being unaware of privacy laws and relying heavily on third-party trackers and ad platforms, the Act does pose a few challenges.

According to a recent survey conducted, only 22% of South African businesses are aware of privacy laws governing their marketing activities, despite the Protection of Personal Information Act (POPIA) set to take effect on July 1.

The survey, conducted by WorldWideWorx and commissioned by global technology company Zoho, also revealed that even though businesses are concerned about the privacy of customer’s data in the hands of third-party vendors, they are reliant on them for revenue generation, and gathering customer insights. Therefore making it harder for them to move away.

According to WorldWideWorx CEO, Arthur Goldstuck, the lack of awareness about the law is largely because these regulations are not part of business-critical activities like taxation and licensing.

While 76% of the businesses indicated that they have well-documented policies for customer data protection, only 57% are strictly applying them.

“When POPIA comes into effect, and defaulters face severe fines and garner negative media attention, most companies will start complying fully and restructure their marketing operations,” said Goldstuck.

Third-party trackers and ad platforms

Of the 448 businesses surveyed across various industries and sizes, 42% said they allow third-party trackers on their website, mostly for sharing content on social media (55%) and gathering analytics on their website visitors (40%).

There is also a heavy dependence on digital ad platforms. The respondents believe that keyword search ads (55%) and social media ads (54%) are quite effective for customer conversion.

The survey further revealed that 72% of businesses said the third-party ad platforms either help them meet or are a primary factor in achieving their sales goals.

Given this reliance, and even though 73% of businesses express concern over the use of their customer’s data, they are largely either ‘comfortable’ or ‘neither comfortable nor uncomfortable’ with the platforms.

The 23% who are uncomfortable stated they cannot move away from the platforms as they are crucial to their business or that it is too complex to move away while 24% of businesses reported that they do not completely understand how third-party trackers and ad platforms utilise the collected customer information.

“When businesses choose to use a free tracker, they are paying for it with their consumer’s data,” said Andrew Bourne, Regional Manager for Africa, Zoho.

“At Zoho, we refer to this practice of third-party trackers collecting data without user knowledge as adjunct surveillance.  Presently, South African businesses turn a blind eye to this passive data collection by trackers, most likely, because they are dependent on them for revenue.”

Bourne believes that POPIA compliance will change this, as it requires businesses to inform users before obtaining and processing their personal information through tracking.

According to Bourne consumers will eventually trust companies that have transparent privacy policies that respect and protect their personal information.

“Businesses hoping to stay relevant for the long term will need to either rethink their reliance on third-party platforms or demand greater transparency and accountability from them.”

The POPIA effect

The study also revealed that South African businesses believe POPIA will either have no effect (41%) or a positive effect (40%) with their biggest concerns with the law being the increased cost of governance (34%), marketing becoming less effective ( 30%), and increased complexity (28%).

Goldstuck says marketing will become less effective only for those who were sharing their customers’ personal information behind the scenes, and not those conducting their efforts in line with the Act.

However, he does believe that the cost of governance will be a major concern for SMEs.

Placing this into further context, all businesses in South Africa (regardless of size) will need to appoint a privacy/information officer to oversee the protection of customer information.

Larger businesses can appoint their CIOs or IT leads in this new role, while smaller businesses may have to appoint their managing directors or business owners in the same role.

For smaller businesses, in particular, this can be a daunting task as the person-in-charge can be held personally liable for data leaks or breaches, as per the law.

This study was conducted using Zoho Survey and Zoho Analytics.

Back to top button