The Protection of Personal Information (‘POPI’) Act is South Africa’s major data protection law and it comes into effect on 1 July 2020. Violations of the Act could result in fines or compensation for damages as high as R10 million. Here is what you need to know.
The Protection of Personal Information (‘POPI’) Act is South Africa’s major data protection law and it comes into effect on 1 July 2020. First implemented in 2013, the Act gives effect to Section 14 of the Constitution, which provides that everyone has the right to privacy.
The POPI Act changes the way all companies are required to treat personal information. From next week, there will be new laws in place that government, companies and organisations must follow when they’re using or storing people’s personal information.
Companies have one year, until 1 July 2021, to become compliant.
Violations of the Act could result in fines or compensation for damages as high as R10 million.
Here is what you need to know.
The Act sets out rules for the collection, processing, storage and sharing of someone else’s personal information and will hold institutions accountable if they misuse or compromise personal information.
Direct marketing will be hardest hit, as people will now have to agree to being contacted. This means no more cold calls or voicemails from robots.
While data protection laws of many other countries exempt SMEs, this is not currently the case in South Africa.
Furthermore, every person and company is protected by this Act.
The following information is considered personal or “precious goods” according to the legislation:
NOTE: If this information is posted on your social media pages, you cannot complain about it being used in a data directory.
Sections 2 to 38; sections 55 to 109; section 111; and section 114 (1), (2) and (3) commence on 1 July 2020.
These sections are essential parts of the act and comprise sections which pertain to, among others things:
Sections 110 and 114(4) commence on 30 June 2021.
Firstly, the purpose of the POPI Act is to protect people from harm by protecting their personal information.
Secondly, the Act aims to protect people from having their money or identity stolen and to protect their privacy, which is a fundamental human right.
Furthermore, the POPI Act encourages transparency and openness and aims to increase customer confidence in organisations. This means your clients/customers will have more trust and confidence in your business because they their information and their interactions with you are secure and protected.
The people whose information is gathered and processed will now have the right to:
The main motivation for complying with the POPI Act should be to protect people from harm.
To become compliant, businesses need to capture the minimum amount of required information, ensure its accurate and remove information that isn’t required.
Responsible parties (i.e., your business) can take various steps to comply:
Make sure your business takes the appropriate measures to keep the personal information safe and reduce the risk of your system being breached.
You can read the full act and its various sections here.
Here’s what we've been posting lately.