May 21, 2019

The Big Question in B-BBEE

Each entity participating in the Broad-Based Black Economic Empowerment (B-BBEE) process have asked the big question more than once: “Why must I participate in B-BBEE?”  

Business owners may find themselves questioning whether all the expenses, time and admin that accompanies the ongoing process of participating in B-BBEE are worth the effort? 

Owning a business in South Africa is very challenging, if we look at all the legislation that entities have to comply with and implement in the entity.  Someone once said that they have so much legislation-related admin that they need to attend to that they can only start doing business by the Wednesday of every week.  Why pile B-BBEE and all it entails on to this already heavy burden?  The answer is simple to grow and expand your business.

A business can grow with B-BBEE

Every business owner wants to grow their business.  This means that at any given moment your business must be in the position to answer certain questions from new prospective clients.  One of these questions which is being asked on a more regular basis these days are do you have a valid B-BBEE certificate?  If your answer is no, the risk is there that the prospective new client will take their business elsewhere. They also have to implement and comply with B-BBEE to grow their business, and this is the reason why this question is being asked.  

Not to mention that should you wish to do business with any State-owned or Semi State-owned entity, you will not be able to apply for a tender without a valid B-BBEE certificate. The State-owned entities have come under fire for not implementing B-BBEE in their supply chain and procurement policies and as a result thereof they are beginning to adhere to B-BBEE regulations and expecting their suppliers to do the same.  No vendor number will be issued by a mine to an entity without a valid B-BBEE certificate.  Banks, Insurance Companies, big retailers such as Pick n Pay and Woolworths only deal with entities with valid B-BBEE certificates.  With any tender application they request the entities to include their B-BBEE certificate for the scoring process.  If you want to apply for license (such as a liquor license) the Department of Liquor will only issue you with a license if you are in possession of a valid B-BBEE Certificate.

Now, taking the above mentioned into consideration, as a business owner you must remember that obtaining a B-BBEE certificate is not something that you can do within a few days’ time.  It is something that needs to be implemented and budgeted for on a monthly basis. 

Should an opportunity come your way you need to be ready as business owner to grab it.  This is the answer to the big question of why should I participate in the B-BBEE process. Yes, your business might not need a B-BBEE certificate today, but tomorrow the biggest contract your business might get will depend on whether you have a valid B-BBEE certificate, or your biggest client can start asking for your certificate as they are beginning to participate in the B-BBEE process.

Don’t get left behind!

POPIA compliance in 2026: the basics every business still gets wrong

Even years after POPIA came into full effect, the same compliance gaps continue to surface across different industries. Many businesses believe they are POPIA compliant until a complaint, audit, or data breach proves otherwise.

Here are some of the most basic POPIA mistakes we still see:

  1. Information Officers appointed “on paper only”.
    The Information Officer is registered on the Information Regulators e-Services portal, but there is no real understanding of the role, no internal authority, and no ongoing oversight of compliance activities.
  2. Outdated or generic privacy notices
    Outdated or generic privacy notices often misrepresent actual processing activities in the company.
  3. No POPIA training beyond management
    POPIA compliance is treated as a legal or HR issue, while frontline employees, who handle personal information daily, receive little or no training.
  4. Assuming IT equals POPIA compliance
    Strong IT systems alone are not enough. POPIA also requires policies, procedures, access controls, and human behaviour management.
  5. Weak access control and data minimisation
    Employees often have access to personal information they do not need, increasing the risk of internal breaches and unauthorised disclosure.
  6. No clear process for data subject requests
    Businesses struggle to respond within reasonable timeframes because there is no documented procedure for handling requests.
  7. Not reporting data breaches to the Information Regulator
    Many organisations do not fully understand what constitutes a data breach under POPIA or how to report it. As a result, breaches are often ignored or being overlooked entirely.
  8. Failure to review and update data processing agreements with Operators
    While operators are identified, many businesses fail to put proper data processing agreements in place or to review them regularly.
  9. Treating POPIA as a once-off exercise
    Compliance is viewed as a project with an end date, rather than an ongoing process requiring regular review, updates, and monitoring.

POPIA compliance is about awareness, accountability, and continuous improvement. Identifying and fixing these common gaps is often the first step towards meaningful compliance.

 

 

Speak to a SEESA Expert Today

Recent Posts

    Categories