·       Accept that the POPI Act applies to you... and you… and you at the back.

o   Agree the strategy. Be honest.

·       Feeling swamped by the magnitude of the implementation project?

o   Set up the task team with people like the change management champion, the board representative, HR, IT, Finance, Legal representatives, and of course the project manager.

·       Don't do everything at once.

o   Stagger the implementation over realistic timelines and commit resources to the top priorities.

·       Multiple business units process data and each has its own priorities.

o   A good project plan prioritizes the enterprise risks and supports competing business units.  

·       Siloed data managed in different environments.

o   By defining the business case, the (in)efficiencies of implementing repeat controls should be seen.

·       Aging systems can still add value.

o   The appetite to adopt tech-centric solutions must be factored in the data protection project.

·       Outdated policies

o   Out with the old and in with the new for the proper implementation of data protection.

·       Limited resources

                  o   Don’t delay, act now (sounds cheesy but it’s true).