Ensuring a successful data privacy journey

BSG supported a leading global oil and gas provider to compliance of its South African operations with local and international data privacy regulations, whilst applying a user-centric approach.

What was needed

  • Ensure data privacy of customers, employees and third parties was respected through the implementation of the requirements of Protection of Personal Information (POPI) Act, as well as General Data Protection Regulation (GDPR) to ensure seamless operations between South African region and the European Head Office
  • Create a view of the organisation’s personal information landscape to understand the potential benefits of effective data protection, both for the data subjects and for the organisation
  • Kick-off a long-term journey to continuously improve on the organisation’s data privacy practices

How we helped

  • Collaborated with Regulatory Risk, Technology and Business stakeholders to build a detailed view of the organisation’s personal information landscape, including understanding the lawful justification for collection, processing, sharing, and deletion of such data
  • Based on the insights gathered, BSG undertook a detailed assessment of potential risks and issues associated with the manner the data was being managed, and crafted a plan to prioritise the remediation of critical gaps, and increase data privacy maturity in the organisation
  • Drove the mindset of building trust with data subjects by keeping data privacy at the core of any people, process, technology and policy changes
  • Identified opportunities for data and process automation, leveraging insights available through data

The positive change

  • Implemented an insight-led approach to business operations by identifying manually managed and/or duplicate data sources
  • Identified opportunities for improvement across people, process, system, and policy to support greater confidence when responding to requests for information from internal / external audit bodies and/or the Information Regulator
  • Increased trust and transparency with data subjects by aligning to global best-practice
  • Strengthened brand value by aligning to the trend of putting data privacy at the core of operations

Engagement overview

With the POPI Act of 2013 officially coming into effect from 1 July 2021, a global leader in the oil and gas industry wanted to ensure its compliance to the Act, as well as to the General Data Protection Regulation (GDPR), while keeping the interests its customers, employees, and third parties front and centre. As part of ensuring compliance, the organisation wanted to create a complete view of its personal information landscape, identify and remediate gaps to build trust with data subjects, and move towards a more insight-led operations model.

BSG assisted and managed earlier steps in the organisation’s POPI compliance journey and, employing our focus on insight-led operations delivery, we successfully built upon that work. Defining a risk-based approach to the legislation, in line with the organisation’s strategic objectives was key to ensuring a practical approach with actionable recommendations.

Solution Design at BSG

The Solution


The team built a view of the organisation’s personal information landscape to identify gaps using four lenses: people, process, system, and policy. These gaps, and the necessary steps to close them, were defined and then prioritised using insight-led decision-making. Detailed engagements with data subjects across the business gave insight into areas that needed specific attention and informed backlog prioritisation.

BSG ensured ongoing alignment and clarity across all stakeholder groups to mobilise key POPIA governance structures for ongoing execution of remediation activities. By adopting an agile approach, encompassing squads, champions, stand-ups, sprints and backlog planning, retros, and review sessions, the team ensured the momentum of the compliance efforts was maintained. In addition, by identifying champions who took ownership for leading the change in their area, the team ensured knowledge transfer from BSG’s SMEs into the organisation, thus ensuring the momentum can be sustained long after the project’s close.

By practically using data and insights, the team provided the organisation with a clear view of the progress made against the project objectives, providing a higher level of stakeholder comfort throughout the project.

Making a difference

Making a difference 

BSG's purpose: to be a proactive force for positive change

Our involvement ensured the organisation was better-placed to independently drive its data privacy journey forward, while keeping its data subjects at the heart of the initiative. BSG enabled remediation of gaps and allowed the organisation to take advantage of the opportunities presented by their holistic personal data landscape. The work done enables compliance with data privacy laws in South Africa and Europe, where its head office is based.

Get in touch

If you'd like to know more about how we can help you along your compliance journey, chat to us.

Related Projects
Contact Us

We love talking about change. If you've been inspired by anything you've read here, please get in touch.

Not readable? Change text. captcha txt