The Protection of Personal Information Act of South Africa (POPIA) was signed into law on 19 November and was published in the Government Gazette Notice 37067 on 26 November 2013. POPIA came into force on 1 July 2020, and businesses have a 12-month grace period before compliance becomes mandatory. Your POPIA Plan needs you now.
What is POPIA about?
POPIA gives effect to our right to privacy. This means that businesses can no longer collect, process, store and destroy personal information recklessly. Moreover, consent to process the personal information of a data subject (an individual or juristic person) must be informed and specific.
What is personal data?
Personal data (or personal information) is any data that can identify a living person. A name, surname, email, online identifier or physical address that can identify a person is considered personal information. Medical history, religious or philosophical beliefs, and trade union membership are also examples of personal information.
What does this mean for my business?
POPIA requires businesses to ensure that they obtain the necessary consent from data subjects to collect and process their data. Data subjects are employees, suppliers, clients or any other person from whom data is collected. Businesses typically collect data to open customer accounts, make payments or perform a service. What will most notably change is the way this process is carried out. In other words, when your business collects information, you must be specific about the purpose for which you need the information, and you must allow the data subject the opportunity to correct the information or to object to its processing. For this reason, it is crucial to ensure that you only collect information you actually need.
POPIA compliancy is anything but simple
POPIA makes clear that the responsible party (the individual or company, either public or private, that processes personal information and determines its purpose) must ensure that data is processed lawfully, even when it is handed to an operator for processing. For this reason, businesses must look at their policies and operator contracts through a POPIA lens. And when the paperwork is in place, regular staff training, policy updates and compliancy audits will ensure continued compliance.
Why are compliancy audits necessary?
At this time, there is no checklist or certificate that anyone can give you that makes you POPIA compliant or certifies that you are POPIA compliant. Additionally, a constantly changing world, technological advancements, staff turnover and company policy changes are only some examples of how a compliancy plan can quickly become outdated. Audits ensure that changes in your business are recognised and properly documented in your compliancy plan.
We made sure that we are compliant. We can put you in touch with the team that assisted us to get compliant. Connect with us and we will assist.