Certain provisions of the Protection of Personal Information Act, Act 4 of 2008 (‘POPI’ or ‘POPIA’) came into effect as far back as 11 April 2014. Then, in June of this year it was announced that the balance of requirements would come into effect on 01 July 2020 – but with a one-year grace period, which means it will only be enforceable from 01 July 2021.
“The fines for not adhering to POPI requirements are much higher than CPA, for example 10 years in jail or a R10m fine.”
Advocate Louis Nel, also known as Louis-the-Lawyer, encourages businesses to start working on compliance now, to be ready by the end of this grace period. He adds, “A word of warning: The fines for not adhering to POPI requirements are much higher than CPA, for example 10 years in jail or a R10m fine. And yet research has shown that 75% of business’ cookie policies are non-compliant!” (Source: My Office News; 01 July 2020)
To help you prepare, Adv Nel shares the following checklist for POPI compliance*:
- Appoint an information officer to be responsible for CPA compliance
- Analyse how your business currently deals with personal information
- Communicate new POPI processes with your clients
- Update your contracts with suppliers
- Look carefully at any cross-border dealings (POPI applies to the processing of personal information in South Africa, both for parties who reside in South Africa or those who reside elsewhere)
- Update your employee contracts, training and internal awareness
- Update your Terms and Conditions
- Ensure you have good security safeguards in place, to protect any personal information you are storing
- Update your direct marketing strategy to comply with POPI
- Update your storage and deletion policy
* Please note that this list is not exhaustive, and it will be supplemented by Adv Nel with future articles on the topic of POPI.