Irrespective of whether POPI has been fully implemented, businesses are required to exercise a duty of care in respect of the personal information of other people and their own companies in terms of the Companies Act to avoid significant civil claims.
POPI is not a phenomenon unique to South African law. Other countries have the same type of legislation to safeguard the personal information of their “data subjects”. The general consensus appears to be that POPI is well thought through, as it was benchmarked against the “best of” other similar international laws, learning from their deficiencies and blunders.
Most companies made parallel changes with the inception of the Consumer Protection Act (CPA) way back in 2008. With POPI demanding the same level of commitment and consideration from company executives, it is critical to steer organisations in the right direction by preparing for and accommodating new data legislation. Realistically, South African businesses should already have started their POPI implementation processes in order to ensure compliance.
In simple terms, the POPI Act sets conditions for how you can legally process personal information. POPI regulation fundamentally views personal information as a valuable possession and consequently aims to give you, as the possessor of your personal information, certain rights of protection. Its main purpose is to ensure that when storing, processing, gathering, and distributing another entity’s personal information, all South African entities can be held accountable should they compromise or exploit personal information in any form.
We live in an information era and along with this evolution comes the obligation for every individual to safeguard their own information. For example, you cannot accuse someone else of sharing your personal information when you widely publish exactly the same information on public domains or directories such as Facebook or LinkedIn. With advanced technology it is extremely easy to gain access to, collect and process high volumes of information in a very short period of time. It is important to note that this information can be used for additional processing or can even be sold. Imagine the permanent damage that this can cause companies and private individuals!
Integrating POPI into the daily operations of a business will definitely require a substantial amount of time and determination, for instance updating all business practices; training and apprising employees; and updating technology solutions. POPI may seem to be subject to manipulation and challenging to understand when you apply it to your specific circumstances as it deals with intangible concepts. Where should a business owner start?
Fortunately the implementation of POPI in your business does not have to be a time-consuming or demanding task if you have implemented an Information Security Management System. By implementing POPI, you have an opportunity to evaluate and streamline your business operations, policies and processes based on comprehensive business practices by embracing applicable and cost-effective technological solutions.
© 2018 SERR Synergy. All Rights Reserved.