The Protection of Personal Information Act (“the POPI Act”) sets out standards for the lawful processing of personal information. It was enacted in 2013, but it has yet to commence. However, with the GDPR about to celebrate its first anniversary, South Africans are wondering when the POPI Act will commence and what it will mean for them and their businesses.
While we are still unsure of when the POPI Act will commence, it is suggested that 2019 could be the year the Act comes into effect. With this in mind, we thought we’d share a refresher on what it will mean for you and how you can make sure you comply.
What is the POPI Act?
In today’s digital world, information and data are flowing freely through businesses more than ever before. Every time you use a service, create an online account, or buy a product online, you are required to hand over some personal information. This information is generated and processed and is often instantly accessible by companies and organisations you’ve never interacted with.
In an effort to protect and uphold the right to privacy of both individuals and companies, the POPI Act regulates how personal information is used and re-used by the recipients of the information.
What personal information does POPI regulate?
Personal information is basically any information that relates to a person. This includes, but is not limited to:
- Marital status
- National/ethnic/social origin
- Sexual orientation
- Physical or mental health
- Religion / beliefs / culture
- Educational / medical / financial / criminal or employment history
- ID number
- Email address
- Physical address
- Telephone number
- Biometric information
- Personal opinions, views or preferences
With the POPI Act soon to become a reality in South Africa, companies that deal with personal information need to ensure they comply with the Act. Contravention of the Act could have serious consequences, including fines of up to R10 million, and prison sentences between one and ten years.
What do you need to do to comply?
The extent of work needed to become compliant with the POPI Act will vary from business to business. One of the first steps to compliance is training and awareness. POPI Act training for key employees may be the single most important way to ensure that a company is positioned to “understand” the implications of the POPI Act. Here is a link to a free training guide put together by our team.
Once you understand the basics of the POPI Act, it is advised that you conduct a POPI Gap Assessment of your business. This will ensure that you know where your compliance gaps lie and how to correct them. For more information on this or anything related to the POPI Act, don’t hesitate to contact us on firstname.lastname@example.org