The Protection of Personal Information (POPI) Act was signed into law by the President and published in Government Gazette Notice 37067 in November 2013. The Protection of Personal Information (POPI) Act, No 4 of 2013, promotes the protection of personal information by all public and private entities.
The POPI Act serves various purposes, namely:
It’s really about taking special care of the personal information that is entrusted to you by your customers and clients. If you act recklessly with this information, you not only face regulatory sanctions, but you also run an actual risk of damaging client relationships and overall business reputation. Non-compliance may have far-reaching consequences and could expose the Responsible Party to a penalty or fine of R10 million and/or imprisonment of 12 months up to 10 years.
Most businesses in South Africa will be impacted by the POPI Act in one or more ways. The personal information that the POPI Act protects is that of an identifiable person, including information relating to:
Personal information does not refer to information that is already in the public domain or is not used or intended to be used for the purpose of trade or commerce.
The POPI Act includes eight information processing principles or conditions, namely: accountability, data subject participation, further processing limitation, information quality, openness, processing limitation, purpose specification and security safeguards. These conditions ensure improved data quality and business management.
Once the Act is made effective, companies will be given a year’s grace period to comply with the Act. The Act was partially enacted on 11 April 2014. We are awaiting the commencement date of the other sections of the Act; the Information Regulator will start enforcing POPI one year after this commencement date. Indications are that the POPI Act might be fully implemented from the end of May 2017. Realistically, South African businesses should already have started their POPI implementation processes in order to ensure compliance.
The Information Regulator is an independent juristic body that was appointed in 2016 in terms of POPI. The Information Regulator is, among other things, responsible for educating the public about POPI, handling complaints, and enforcing and monitoring compliance.
SERR Synergy assists businesses and organisations to fully comply with procedures as required by POPI by setting up a comprehensive Information Security Management System (ISMS).
© 2018 SERR Synergy. All Rights Reserved.