As of 1 July 2020, your inbox was probably flooded with emails from companies updating their Privacy Policies to ensure compliance with the Protection of Personal Information Act (POPI Act).
The POPI Act came into effect on 1 July 2020, with a 12-month grace period to give companies time to comply. Every business that receives and processes personal information of individuals needed to be compliant from 1 July 2021.
The POPI Act has become a big deal because it introduced changes to how personal information can be used by South African businesses.
Any personal information collected from an individual in South Africa is now protected under the POPI Act.
If you are worried about how the POPI Act could impact your business, check out our 8 quick tips for POPI Act compliance.
1. Accountability
Ensure the lawful conditions of compliance are met by appointing an Information Officer to oversee compliance.
2. Processing Limitations
Your business should process necessary personal information only insofar as it relates to the function or activity of the business. Such processing can only be done subject to the consent of the data subject (i.e., the person to whom the information belongs), as this ensures that s/he is aware that the personal information is being processed, the purpose as well as the type of information being processed.
3. Purpose Specification
Personal information must be collected for a legitimate and lawful purpose and must not retained for longer than the required period unless it is lawful to do so.
4. Further Processing Limitation
The business must prevent the use of the personal information in a manner that is inconsistent with the purpose for which the information was collected. Any further processing of information must be compatible with the purpose of collection.
5. Information Quality
Personal information must be complete, accurate, not misleading and updated where necessary. It is the business’s responsibility to ensure that reasonably practicable steps are taken to ensure that these requirements are met.
6. Openness
The data subject whose information you are collecting must be aware that you are collecting such personal information and for what purpose the information will be used.
7. Security Safeguards
The business must take measures to secure the integrity and confidentiality of personal information in its possession by taking reasonable and technical measures to prevent loss, damage and unlawful access to the information.
8. Data Subject Participation
The data subject is entitled to an explanation of the personal information, request access to the personal information and request deletion or correction of the personal information.
The abovementioned tips are the conditions set out in the POPI Act and they are key to your compliance. They should be used to inform the actions and procedures your business must take to become, and remain POPI Act compliant.
For specific details on POPI Act compliance, take a look at our detailed POPI Act Compliance Checklist. If you are unsure about POPI Act compliance, schedule a consultation with us to discuss any questions you have. You can contact us on: info@xelleratelegalsolutions.co.za or 072 438 8275.
Get our POPI Act Compliance Checklist (free):
Please enter your email address below and we will send you our free POPI Act compliance check list.