With the anticipated commencement date for the Protection of Personal Information (POPI) Act — set for Wednesday, 1 April — the number of companies concerned about their data collection policies is set to skyrocket.

But while it's good that regulators are trying to protect customer data, POPI is a cure rather than prevention. Imposing penalties on companies who are not playing safe with consumer data is essential.

Companies should think about why they are collecting data in the first place. The obsession with data can be blamed on the opaque promises made by the proponents of big data, with companies benchmarking against the likes of Amazon, Google and Facebook — who harvest vast tracts of our data.

By trying to emulate this behaviour, companies collect as much customer data as they can but rarely know what they'll do with it. A 2017 Harvard Business Review article notes that less than half of structured data is used and just 1% of unstructured data is used in the decision-making process.

Consequently, much of companies' data ends up dumped on a server, underutilised and logged as another concern for the IT guy. It's here where this data is exposed to negligence or possible hacking, punishable by fines under POPI. 

Fundamentally, South African companies need to think about the purpose of the information that they're collecting. Will it be used in planning, reporting or in personalising marketing going forward?

If there is no clear answer, rather avoid it altogether. Not all data is created equal, so think about what you want to collect. Many companies target new customers by purchasing B2B emailing lists or buying third-party data from Google and Facebook.

Yet few have an effective first-party data programme in place. Questions that should be asked inlcude:
  • Who is the customer?
  • Do they have an email address and telephone number?
  • What did they buy?
  • What are the demographics and psychographics at play?
These are the building blocks needed to get to understand current customers and to personalise future campaigns effectively. If any evidence was needed on the value of pleasing existing customers versus targeting prospects, another Harvard Business Review article claims that it can be five to 25 times more expensive to acquire a new customer than it is to retain an old one.

The value of first-party data is coming to the fore. A first-party data strategy can lead to the paradigm shift that is needed to turn away from continuously searching for new clients — instead of servicing current clients — effectively.

Customer data platforms are one of the hottest tickets in the burgeoning martech industry, which already gobbles up around a third of all marketing budgets, according to Forrester.

Yet, in South Africa, all too many brands still invest their martech spend into Data Management Platforms and other adtech platforms that focus on third-party sources.

The folly of this was exposed earlier in 2020 when Google announced that it would be phasing out support for third-party cookies. This support was instrumental in the pursuit of new audiences.

Clean data is good data. In this so-called data 'land grab', companies often pour hard-earned records down a CRM black hole. It is no surprise, then, that a study from SiriusDecisions found that 25% of the average B2B database is inaccurate.

It doesn't help to spend the time and effort in acquiring vital customer information if you don't invest in making sure the data is accurate — and keeping it so. Don't let it be your business that sends out emails addressed to the wrong person or to decision-makers who have left the company.

The more considerable concern around POPI is, of course, the safety of customer data. News of significant data breaches has become a regular occurrence and it seems that cybercriminals can exploit almost any preventative measure.

However, this is no reason to make it easy — especially for smaller companies who store data on their servers or simply in spreadsheets on employees' devices. The move to a reputable and certified cloud-based data platform or CRM solution will pay-off in the long run.

While it may not guarantee protection from a security breach, you can at least demonstrate that you took active measures to protect your information.

Respect the client; don't use your collected data in a way that customers might find disturbing or unprofessional. Although this shouldn't come as a surprise with the amount of cookie data available, there are interactions that can come accross as highly inappropriate and downright creepy.

Being POPI compliant doesn't eliminate the need to be respectful towards your clients. It's important to remember that the steps above will not make you POPI complaint. Instead, it should serve as a reminder to utilise collected data effectively, rather than setting the collection of data as the goal.

For more information, visit www.rogerwilco.co.za. You can also follow Rpogerwilco on Facebook or on Twitter.