How to comply with The POPI Act in South Africa

Getting your Business ready for the 1 July 2021 POPI Compliance deadline can be a very daunting task, as the internet can leave you confused and overwhelmed by the volume of information on POPI, and no clue where to start to ensure your business is implementing the correct procedures or policies to be compliant. 

In this post we cover the questions most South African business owners have with regards to POPI Act Compliance. 

What is the POPI Act?

Also know as POPIA, The Protection of Personal Information Act, No 4 of 2013,  promotes the protection of personal information by public and private bodies. This Act sets out the legal requirements and guidelines that businesses and private individuals are required to follow when sourcing, storing, processing and sharing personal information.

The Act was signed into law by the President of South Africa on 19 November 2013, thereafter proclaimed the POPI commencement date to be 1 July 2020.  Section 114(1) is of particular importance as it states that all forms of processing of personal information must, within one year after the commencement date, be made to conform to the Act. This means that entities (both in the form of private and public bodies) will have to ensure compliance with the Act by 1 July 2021.

To view the full Act, Click here.

The POPI act outlines these eight conditions when storing and processing personal information to encourage responsibility, security and consent:

• Accountability
• Processing Limitations
• Purpose Specification
• Information Quality
• Openness
• Security Safeguards
• Date Subject Participation

What is regarded as Personal Information according to the Act?

Personal information relates to any identifiable information pertaining to staff and employees (HR data), personal information collected from data subjects (client/member data) and the personal information processed, stored or shared in terms of any third-party agreement (third party data or data-sharing).

Need to speak to a POPI Compliance Expert? Click HERE to get Free Consultation now.

What are the steps to become POPI Compliant?

Step 1: Create Awareness

Ensure your employees are aware of the POPI Act and the regulations set out which they need to adhere to.

Step 2: Data Collection Assessment

Assess the manner in which your clients, and employees’ data is collected, stored, processed, and ultimately disposed of.

Step 3: Company Policies Review

Create and setup the correct policies and procedures to ensure the correct processing of personal information.

Step 4: Gap Audit

Policies and procedures should be assessed by a POPI specialist to ensure it aligns with the requirements of the POPI act.

Step 5: Implementation and Training

Adequate communication and training should be provided to all within the company with regards to all policies and procedures. 

Need assistance with Your POPI Compliance? Click HERE for our POPI Compliance Certificate service now!

What are the consequences for Non Compliance?

As per Section 107 of the POPI Act, the Information Regulator (South Africa), may institute a fine or imprisonment of up to 12 months.

In some cases, depending on the Sections of the Act you do not adhere to, or if convicted of an offence in terms of the Act, you may be liable for a fine of up to 10 million or imprisonment of up to 10 years. 

Don’t miss the POPI Compliance deadline!

Sign up for a free consultation with our POPI Experts today!