The Protection of Personal Information Act (POPIA) comes into effect on 1 July 2021 after the Act was initially introduced on 1 July 2020. Companies had a 12-month grace period to become POPI compliant.
So, what does the POPI Act mean for businesses in South Africa? Regulations will need to be complied with, and failing to meet the requirements, leaves you at risk of being fined up to a maximum of R10 million.
There are a few things businesses can do to ensure they remain POPI compliant:
Understand what personal information you are acquiring for your business and why you are acquiring this information. If audited, the company must be able to justify the collection of personal information from its clients.
Get rid of any information that is irrelevant to the business operations. By keeping irrelevant and unused data, the company runs the risk of being fined.
All data which contains personal information must be stored safely and correctly. The business needs to minimize the risk of theft or loss of personal information.
The days of sending Opt-out marketing emails and SMSs are gone, and this is no longer allowed. Unless the person is an existing customer, consent is required.
Updating your company documents is an easy and quick way to allow for the transition to becoming POPIA compliant. All updated documents aid in ensuring the business is POPIA compliant. These documents include the company privacy policy and supplier and employee contracts.
For more information on the latest updates with POPIA, visit https://www.popiact-compliance.co.za/