Get more Mail & Guardian
Subscribe or Login

Data protection is key in a digital world

Data is a key asset to any business – that’s why it’s crucial that it’s protected. Data can help businesses understand vital information, such as customer buying behaviour or enable digital payments. However, in the wrong hands, it can be abused. Consider the risk that cyberattacks and data breaches pose to businesses.

According to data presented by, phishing is responsible for the majority of cyberattacks, resulting in businesses across the globe having to increase their cybersecurity budgets every year. Personal information that is at risk includes phone numbers, ID numbers, dates of birth and financial details.

Not only is this costly to consumers, but also to businesses. The average cost of a data breach to South African companies is R31.6-million, according to the 2020 Cost of a Data Breach report done by the Ponemon Institute.

Because of this, businesses around the world have placed a focus on protecting personal information and fending off data breaches. Following the introduction of the Protection of Personal Information Act (Popia) on 1 July, South Africa is now in line with global data protection standards, such as the European Union’s General Data Protection Regulation (GDPR) laws.

The Act promotes the protection of personal information, safeguarding companies from data breaches and cybercrime and preventing intrusive marketing practices. However, many businesses and marketers are still delaying the process of implementing the new legislation and are unsure of how to comply with the act.

Remaining globally competitive

For South African companies wanting to operate in a global environment, making the changes required by the Act could boost success and widen the net of opportunities. The legislation not only removes the administrative barriers that can hamper international business, it also positions South Africa as an appealing destination for foreign investment due to proper data regulations being in place.

Protecting businesses and stakeholders

Although the Act introduces additional requirements that businesses must comply with, it should be viewed as a positive step for South Africa. The global shift is bringing clear alignment with direct marketing consent and data-protection policies. With the demise of third-party data sharing to protect consumers’ privacy, legislation such as Popia is becoming more relevant and necessary.

In an age where cybercriminals are sharpening their skills, businesses have to take responsibility for how they collect, share, protect and govern access to customer data.

Because the Act’s scope is broad, there are specific conditions in the Act that deal with direct marketing communications, which many businesses struggle with when ensuring they remain compliant.

Here are 4 practical steps businesses can take towards direct marketing compliance:

1. Establish a data rights procedure: If a business holds someone’s personal data on file, that person is a data subject whose rights must be respected in accordance with Popia. All data subjects have the right to access, correct or request to delete their personal data. Be sure to establish a procedure for how you will be handling these requests.

2. Ensure a privacy policy is in place: A privacy policy is a public-facing document that tells customers (or anyone else) what you do with personal information. A privacy policy should be written in clear, plain language and made available via the company’s website or when a customer opts in to share their information. It is advisable to approach a legal specialist to draft proper consent forms, notices and privacy policies in line with Popia.

3. Review your marketing contact database: Any recipient of a company’s marketing communications must have voluntarily opted in to communications, must be contacted for a specific purpose and must be informed about the type of communication they will receive. When collecting personal information, this should also include a link to the company’s privacy policy.

Alternatively, recipients could already be existing customers if the company is marketing products or services that are similar to those offered when the company first acquired their personal details. With each new marketing email sent, customers must have the option to unsubscribe.

4. Continuously update databases with customer preferences: Customer databases must be managed more effectively to adhere to customer requests to opt out of marketing communications. This involves proper records of customer information, including where, how and when information was initially obtained; whether they’re an existing customer and, if so, what products or services they’re interested in; whether consent was obtained to receive direct marketing; and whether they’ve unsubscribed from any direct marketing communication.

Technology is an enabler of Popia compliance

If businesses are still unsure whether they have the required consent from customers, there are easy ways to obtain it, such as the right marketing tools. These should support compliance and uphold data governance standards. For example, Mobiz ensures that customers have access to multiple tools to assist with compliance, such as QR codes to obtain consent and collect first-party data, double opt-in SMSes, automatic opt-out list management, a data retention policy for unused customer data, secured landing pages and secure data upload, which is encrypted both in transit and at rest.

Implementing the changes that the Act brings doesn’t have to be a daunting task. By knowing how to go about it with the proper tools, businesses can become compliant in order to protect themselves and their customers.

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Greg Chen
Greg Chen is founder and chief executive of mobile marketing company Mobiz

Related stories


If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here


Subscribers only

DA’s egregious sexual harassment case finally begins

The party is accused of protecting a councillor, who’s also implicated in R1.2m graft

The ANC, DA and EFF ‘oblivious’ to climate crisis —...

The Climate Justice Charter Movement has critiqued the manifestos of the main parties contesting the local government elections and found them ‘shallow’

More top stories

Countries bear cross-border responsibility for harmful effects of climate change,...

The UN committee has been accused of ‘turning its back’ on the children who filed a groundbreaking legal complaint with it against five countries

Magashule files notice to have corruption charges dropped

Counsel for the suspended ANC secretary general tells court the former Free State premier falls outside category of who can be charged for corrupt activities

R1.5-billion in funding approved for riot-hit businesses

Agencies emphasise that speed is crucial to rescuing firms affected by July’s unrest

DA’s egregious sexual harassment case finally begins

The party is accused of protecting a councillor, who’s also implicated in R1.2m graft

press releases

Loading latest Press Releases…