There’s always a fair bit of muddling through during times of massive change, as we see now at the dawn of the fourth industrial revolution. The trick is not to carry over old-school thinking into a new realm and limit your opportunities. I think we are facing a real risk of doing just this, looking at the impact data privacy legislation can have on a company’s ability to transform for a digital future.
A crucial part of digital transformation is doing business in an entirely new way. And the fallout from POPIA and GDPR could limit our ability to build nimble, flexible, digital organisations.
We’ve had to navigate the introduction of the Protection of Personal Information Act (POPIA) as well as the European Union’s General Data Protection Regulation (GDPR) in the last few months. I think that both these laws, which look at how personal identification data is collected, stored and handled, could have an impact on a company’s ability to succeed in the fourth industrial revolution. Partially because in many cases they are blunt instruments, and also because they don’t always seem to understand the digital landscape.
Of course, I agree that protection of personal data is essential: we’ve seen enough data breaches and unethical behaviour to know that they are a genuine threat. In addition, I, like most of us, am annoyed by constant unsolicited marketing calls and direct mail.
But a couple of things have caused me to raise a sceptical eyebrow and wonder how the outcome of compliance gels with running a future-fit company. For instance, some of the POPIA requirements that have been passed on to us from our clients, include locking down information to such an extent that the only way to do your job is sitting at a desk, in your office. This is completely opposite to a digitally-empowered, mobile, flexible, project-based workplace and the benefits of working in this way. We wouldn’t be able to pull together the best team for the project, or access real-time data via the cloud while on the go. Nor would we benefit from our team bringing their mobile devices into the workplace.
And GDPR has its own red flags, one of them being an individual’s ability to request, within a month, all the personal identification details a company holds on them, and also ask for amends or complete erasure. Think about the logistics of doing that. I’m not even sure it’s entirely possible given the knock-on impact this might have, in a set of reports, for instance. But also, it potentially heralds a return to big slam dunk ERP systems, whether or not they are best for the job, rather than best-of-breed services that do exactly what we need them to do.
While I agree with the need for data security, too many things about these corporate, “belt and braces”, approaches to data protection make me feel like this could be quite a big step back for our digital futures. Perhaps we need a bit more common sense and forward-looking thinking when tackling these challenges.