POPI stands for protection of personal information generally, while POPIA (or the POPI Act) stands for the Protection of Personal Information Act, 4 of 2013 – the actual legislation. Both terms are often used interchangeably and in essence refer to the same thing, that is, the Act that regulates the protection of personal information in South Africa.
The Protection of Personal Information Act (POPIA), 4 of 2013, has introduced recent amendments in which certain significant sections (Sections 2 to 38; 55 to 109; 111; and 114 (1), (2) and (3)) took effect from 1 July 2020.
Compliance is fully enforceable one year thereafter – 1 July 2021.
The legislation was enacted to promote the protection of sensitive information by public and private bodies. The most essential elements of the Act are now in force, and they deal with the following:
To balance the right to privacy with other rights, such as the right of access to information, businesses will need to ensure correct compliance with POPIA as the Information Regulator begins to fulfil its duties.
Businesses need to obtain consent from individuals before information may be collected, processed, or stored. In addition, marketing strategies like electronic communication to individuals may only be carried out with their express consent.
A greater standard of accountability is further necessary to ensure personal information is collected, processed, stored, and shared in a lawful manner with the appropriate safety measures. Safety from data breaches and theft means that businesses are now charged with taking “appropriate, reasonable, technical and organisational measures” to mitigate the potential loss or theft of data.
Therefore, it is better for businesses to avoid unnecessarily obtaining personal information. Where it is necessary, IT support can ensure electronic data is kept safe with staff access only. Where information is no longer needed, it can be safely and securely discarded.
Businesses ought to be alert to the processes and rules that offer further guidelines. An Information Officer must be registered with the Information Regulator – this position will be designated to the head of a business. Once registered, they can fulfil their duties in ensuring that the business has taken necessary and sufficient steps to comply with the Act.
Non-compliance with the Act can result in a fine or even imprisonment. It is vital that businesses protect their clients’ information, which has been entrusted to them, while in the same vein protecting themselves.
Contact our attorneys in Cape Town for expert legal advice.