POPI Act Compliance – why should I comply with the Act?
Many organisations are wondering about POPI Act compliance: what it is and what they should be doing about it.
While full commencement of the POPI Act has yet to take place, sections of the Act have commenced which make the Information Regulator a formalised body. In addition to this, final regulations were published in the Government Gazette in December 2018. Please visit our POPI Act Regulations Summary page for a practical summary.
Progress is being made by the Information Regulator and we expect full commencement to take place in the next few months.
We believe that apart from the legal obligation, there are good reasons for complying with the Act. These include:
- Protecting the personal information of customers, staff and other stakeholders will build their trust in your organisation;
- It will enable you to develop a competitive advantage over competitors who don’t demonstrate their commitment to protecting personal information/data;
- It will enable your organisation to demonstrate good governance and leadership;
- Related areas such as Risk Management, Information Security, Records Management, Information Management and Service Provider Contract Management will improve;
- It will help bring your organisation into line with international data protection laws;
- It will be less expensive to prepare for compliance than it will be to pay penalties and to experience reputational damage.
To summarise, we like to see the reasons as a stick and a carrot!
So where are the “stick and carrot” for POPI Act compliance?
Think about how broad the definition of “personal information” can be: customers, employees, suppliers, in fact anyone we interact with as an organisation has personal information. Get it wrong in terms of POPI Act compliance and potentially stiff penalties could be heading your way, with fines of up to R10 million and potential time behind bars, as well as reputational damage and potential loss of income as a result. That’s the “stick” part of the story.
Get it right in processing personal information in accordance with the POPI Act and you can enhance your reputation with all your stakeholders. The “carrot” aspect also recognises the opportunity to boost confidence in your business by demonstrating the way you provide leadership and good governance in the way you process personal information. Get really creative and you will discover the POPI Act can help you to create new products and services, address new markets and keep ahead of your competitors while delighting your stakeholders.
What is the POPI Act?
The POPI Act has 8 conditions and a number of other areas. Key points about the 8 conditions are shown below.
- Accountability = assigning ownership in your organisation;
- Processing Limitation = processing information for lawful reasons and in a manner that does not infringe privacy;
- Purpose Specification = only obtaining and holding personal information for a specific purpose;
- Further Processing Limitation = Further processing of personal information must be compatible with the purpose for which it was collected;
- Information Quality = ensuring that information is complete and accurate;
- Openness = informing individuals that their information has been obtained and the purpose thereof;
- Security safeguards = the integrity of personal information must be secured using appropriate, reasonable, technical and organisational measures;
- Data Subject Participation = a data subject has the right to request access to their personal information that you hold, and to request that the information be deleted or corrected if appropriate.
So where should you start?
Free IACT-Africa 20 Question POPI Act Compliance Health Check
The easiest and quickest place to start is to try our 20 Question POPI Act Compliance Health Check. Click here to access the health check.
IACT-Africa POPI Act Implementation Methodology
Embarking on a POPI Act implementation project can be daunting for many organisations as it is not a simple law with which to comply. If it is approached in a structured manner, however, it can be less daunting and far easier to tackle.
We make it easy for organisations to carry out their POPI Act compliance preparation initiatives through our methodology as well as our set of tools, services and in-depth experience.
Please visit our POPI Act Implementation page for more information.
Please contact us for more information or to discuss your requirements.