There’s always a fair bit of muddling through during
times of massive change, as we see now at the dawn of the fourth industrial revolution.
The trick is not to carry over old-school thinking into a new realm and limit
your opportunities. I think we are facing a real risk of doing just this,
looking at the impact data privacy legislation can have on a company’s ability
to transform for a digital future.
A crucial part of digital transformation is doing
business in an entirely new way. And the fallout from POPIA and GDPR could
limit our ability to build nimble, flexible, digital organisations.
We’ve had to navigate the introduction of the
Protection of Personal Information Act (POPIA) as well as the European Union’s
General Data Protection Regulation (GDPR) in the last few months. I think that
both these laws, which look at how personal identification data is collected,
stored and handled, could have an impact on a company’s ability to succeed in
the fourth industrial revolution. Partially because in many cases they are
blunt instruments, and also because they don’t always seem to understand the
digital landscape.
Of course, I agree that protection of personal data is
essential: we’ve seen enough data breaches and unethical behaviour to know that
they are a genuine threat. In addition, I, like most of us, am annoyed by
constant unsolicited marketing calls and direct mail.
But a couple of things have caused me to raise a
sceptical eyebrow and wonder how the outcome of compliance gels with running a
future-fit company. For instance, some of the POPIA requirements that have been
passed on to us from our clients, include locking down information to such an
extent that the only way to do your job is sitting at a desk, in your office.
This is completely opposite to a digitally-empowered, mobile, flexible,
project-based workplace and the benefits of working in this way. We wouldn’t be
able to pull together the best team for the project, or access real-time data
via the cloud while on the go. Nor would we benefit from our team bringing
their mobile devices into the workplace.
And GDPR has its own red flags, one of them being an
individual’s ability to request, within a month, all the personal
identification details a company holds on them, and also ask for amends or
complete erasure. Think about the logistics of doing that. I’m not even sure
it’s entirely possible given the knock-on impact this might have, in a set of
reports, for instance. But also, it potentially heralds a return to big slam
dunk ERP systems, whether or not they are best for the job, rather than
best-of-breed services that do exactly what we need them to do.
While I agree with the need for data security, too
many things about these corporate, “belt and braces”, approaches to data
protection make me feel like this could be quite a big step back for our
digital futures. Perhaps we need a bit more common sense and forward-looking
thinking when tackling these challenges.
No comments:
Post a Comment