I have been helping clients assess the impacts and risks of the POPI legislation since 2007, with Old Mutual being the first large POPI project in South Africa. Having become a top expert on the subject of data protection, I have been codifying this knowledge into systems and methods since 2012.
Where it all started
I started Tim O’Hanlon Strategic Management Services (TOSMS) in 1997 after leaving a very large SA-based insurer, in which my last role was that of Corporate Planning Manager. Shortly after this, I was managing the listing project for a Fortune 500 company when one of their directors asked me to help their legal division with a new piece of legislation that they had been wheel-spinning over for some time. The rest is history. I have remained in the regulatory risk space ever since. The marriage of my systems engineering background and extensive experience in managing regulatory change projects has been a very fortuitous one for me. As an engineer you learn how to change things functionally. My training taught me how to drive these changes through a structured methodology that looks at things like target operating models and critical success factors. This has helped me develop the tools and methodology my company uses today to provide smart, sustainable change in a regulatory risk environment, something that most compliance and legal stakeholders in this field of expertise are not well equipped to deal with.
Liaising with key government stakeholders
In my role of programme manager at very large organisations, I managed programmes to implement changes across the organisation for fundamental, game-changing pieces of legislation like the Financial Advisory and Intermediary Services (FAIS) Act and the Protection of Personal Information (POPI) Act. This gave me direct access to key players in government, including the Deputy Executive Officer of the Financial Services Board (FSB) at the time, Gerry Anderson (and his team) as well as Ananda Louw at the Law Reform Commission, who was involved in the drafting of the POPI Act. Working with my clients and the stakeholders from government provided me with the opportunity to help develop government’s thinking and the legislation content in the early stages of drafting. This particularly applied to helping the drafters understand the level of complexity that companies had in their operational areas and the unintended challenges and costs the implementation of these Acts would present to companies.
Experience through UK data protection laws
To learn from companies that had already been impacted by data protection laws, I researched the topic for clients, had discussions with the UK Information Commissioner at the time, met with compliance and information officers from UK companies like Tesco’s, Lloyds, Barclays, Aviva Group, and many more, to learn how they dealt with the UK Data Protection legislation over the prior two decades. I also met with the heads of industry bodies like the UK Direct Marketing Association to understand how they helped their members weather the storm.
Assisting with POPI since 2007
I have been helping clients assess the impacts and risks of the POPI legislation since 2007, with Old Mutual being the first large POPI project in South Africa. Having become a top expert on the subject of data protection, I have been codifying this knowledge into systems and methods since 2012. The intention is to help reduce the growing cost-complexity-risk paradigm that is the norm today for large, complex companies that need to comply with literally thousands of requirements from all types of legislation, not just from POPI. The TOSMS website covers the solutions that have been designed and developed in this field of expertise to solve the regulatory compliance and associated records management and regulatory training challenges.
Contact us for peace of mind
To enquire about how we could provide you with peace of mind in solving your regulatory compliance challenges with the POPI Act or any other South African legislation, contact us here.