Perfect Your POPI Process
You might have heard it by now: the POPI Act is official! We know the topic of POPI can feel distressing and overwhelming, so we have put together a simple way for you to understand what the legislation is about and how it can be implemented.
What Really Is POPI?
POPI is South Africa’s data privacy law. The acronym stands for the Protection of Personal Information Act, 2013, and it is also commonly referred to as POPIA. This legislation now governs when and how organisations collect, use, store, delete and otherwise handle personal information.
What Is Regarded As Personal Information Under POPI?
In simple terms, personal information is any information that can be used to identify a natural person or a juristic person (an organisation). This includes an individual’s name, identity number, age and addresses.
Who Does POPI Apply To?
POPI applies to all local and foreign organisations that process (collect, use or handle) personal information within South Africa.
What Does The POPI Legislation Mean For Your Business?
From 1 July 2020, organisations will have 12 months to become POPI compliant. Your organisation must work towards full compliance. For most organisations, this is no easy task, as it calls for an analysis of all personal information within your organisation, where you get it from and what you do with it.
It is strongly advised that organisations that have not yet started becoming compliant start to do so as soon as possible or they could face fines, penalties or other consequences in future.
What Does It Mean To Be POPI Compliant?
You will need to establish procedures that ensure you collect, use, store, delete and handle personal information only in permitted ways. This information needs to be protected from unauthorised access or loss.
The measures that each organisation employs will be different. In practice, however, it will mean more policies and process flows for your organisation. You will need to develop a culture of data protection in your organisation.
What Does POPI Mean For Me As A Consumer?
Consumers benefit from the peace of mind that POPI’s requirements bring: their personal information will be protected and can only be collected or handled where there is a lawful justification or consent to do so.
POPI gives consumers certain rights in respect of organisations handling their personal information, and with them greater control over that information. Consumers are aware of what personal information is collected, by whom and why, so that they can make informed decisions.
Who Regulates POPI?
POPI is regulated by the Information Regulator.
What Fines and Penalties Can I Expect for Non-Compliance?
Fines and penalties vary depending on the offence, up to a maximum of 10 years in prison or a R10 million fine.
Does POPI Add Anything To My Constitutional Right To Privacy?
All individuals have a constitutional right to privacy, which has many facets (such as privacy in the home, private communication and private information about a person).
POPI gives practical effect to that right as it relates to personal information handled by organisations. It provides a direct system through which that aspect of the right can be enforced.
Is POPI different from the GDPR?
POPI is similar to the European Union’s data privacy law, the General Data Protection Regulation (GDPR), but differs in some respects. The main difference is that POPI regulates corporate personal information, where appropriate, whereas the GDPR does not.