There’s a saying that goes: ‘you went to bed as a services company and woke up as a data company’. This has never been truer than today. Most African companies have transformed from physical to digital businesses in the past 15 months – and they’re going to stay that way.

Quite simply, this is the way the world is going to work in the future. Data and digital is the default business status of the world. Of course, this brings with it a new-found responsibility – and increasingly, a legal obligation – to protect that data.

More and more, we’re seeing acronyms like GDPR, CCPA, LGPD and PIPEDA becoming part of leadership conversations. Closer to home, South Africa’s Protection of Personal Information Act (POPIA) takes effect on 1 July. They’re all part of a growing wave of regulations around the world that govern the way businesses handle consumer personal information.

Let’s be frank: for many companies, these regulations are a royal pain. A year before GDPR came into force in Europe in 2018, a study by AIIM found that more than 50% of businesses knew little or nothing about GDPR. More recently, TrustArc found that more than one in four companies (27%) hadn’t even started making their organisations GDPR-compliant, more than two years after the deadline had passed.

And yes, getting data-compliant may feel onerous. But that’s the cost of doing business in 2021 and beyond. Fact is, consumers will choose you over other competitors based on trust: that is, how you protect their data, and show them that you put them first. In a world that’s digital and filled with data, your customers want to shop anytime, anywhere. They will look at businesses and ask: are you making me feel safe in a digital world?

As business leaders, it’s incumbent on us to ask ourselves what it means to us as businesses to protect the individual’s right to privacy, and how we deal with our customers’ information. How we gather it. How we use it. Most importantly, how we protect it.

But here’s the thing. If you see privacy regulations as nothing but a regulatory burden, you’re missing a massive opportunity to use your data investments to set your company up for long-term digital success. Frankly, it’s an incredibly exciting opportunity for local businesses to overhaul not only their data policies, but their entire approach to data security, and go beyond mere compliance to create a source of trust and advantage with their customers.


For me, getting compliant has three major benefits that will propel your company along a digital transformation journey.

It puts your customer at the centre of your business

Creating a robust set of guidelines, checks and balances doesn’t just help your business to secure data: it also makes the handling of data easier, and helps you get closer to the mythical ‘single view of the customer’. Once that’s in place, you not only understand your customers better, but are able to serve them offers that talk directly to their needs.

It builds consumer trust

Trust in your products, services and brand is a key market differentiator. Your customers must know they can trust you implicitly with their data; that their long-term best interests are important to you, beyond a single transaction or engagement.

It forces you to get your data management strategy right


Strong data governance is the foundation of providing the data visibility and oversight needed for regulatory compliance. It helps assess and prioritise data risks, and manages the current state of your data, and its evolving future state. With the right data strategy and technology in place, it’s possible to achieve compliance – and digitally transform – using your current architecture and data assets as a base.

Getting this right starts with how we show up as leaders. How do we think about data will shape the way we drive the necessary education, culture and training that’s needed to make our people aware of the critical role of data in the success of our businesses. Effectively, we have become the custodians of a new way of doing business. That’s a responsibility we simply dare not shirk.

Is your business ready for POPIA, or any other data privacy regulations? What lessons can you share around organising for this new way of engaging consumers? How have you incorporated trust into your business and go-to-market strategy?