How To Comply With The PoPI Act
Compliance with the Protection of Personal Information Act is mandatory for most companies in South Africa.
The PoPI Act came into full effect and force on 1 July 2020 and in terms of this, Companies need to be fully compliant with its provisions by 30 June 2021.
Non-compliance could expose Companies to penalties or fines including imprisonment of up to 12 months. In certain cases, penalties for non-compliance can be a fine and / or imprisonment of up to 10 years.
They need to do the following for them to be compliant:
- Appoint an information officer who will encourage compliance with the conditions for the lawful processing of personal information;
create awareness – make sure employees understand what data privacy legislation entails and what is required of them;
- Personal Information assessment – once all employees are informed, self assessments and audits should start throughout the organisation;
- Develop a compliance framework which can include processes and policies. These may include updating employment contracts, updating supplier agreements, changes to marketing practices and implementation of policies like personal information sharing policy, security compromises policy, subject access request policy, etc.
Apart from the fact that Popi Compliance is a legal requirement and it is cheaper than potentially massive fines and reputational damage for non-compliance, why should your Company put PoPI Compliance in place?
Firstly, protecting the personal information of your customers, staff and others will build trust in your Company and give you a reputation of being a Company that protects and values information privacy. PoPI compliance will also allow you to develop a competitive advantage over those companies that are not committed to data protection.
From an internal perspective, PoPI compliance will increase good governance and leadership within your Company and it will improve areas like risk management, information security, records and information management and service provider contract management.
Lastly, PoPI compliance will bring your Company closer to compliance required by international data protection laws such as the GDPR which will make your Company easier to do business with internationally.
For further information or assistance with Employment or Labour Law aspects, please contact Myers Attorneys on 011 346 2422 or email@example.com.