As you probably know, the POPI Act has come into effect as of the 1st of July 2020 in South Africa and companies have been given a further grace period of 12 months to ensure compliance, thereafter no mercy will be shown for companies found to be non-compliant!
So, the question is: is your company compliant?
First, let's get a quick overview of what the POPI Act is and why it is so important for a company to be compliant.
What is the POPI Act and Why is it Important?
The purpose of the POPI Act (the Protection of Personal Information Act) is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information, by holding them accountable should they abuse or compromise a person's personal information in any way, shape or form. Although most companies will see this Act as just another burden placed on businesses, it can have a massive impact in helping businesses re-evaluate their processes and policies, which can lead to massive efficiency gains.
As most businesses in South Africa collect and handle "personal information" from staff, customers and suppliers on a daily basis, it is critical that businesses know what is required of them to be compliant. Some examples of information that is considered "personal information" are ID or passport numbers, birth dates and age, phone numbers, addresses, photos, video footage (including CCTV footage), etc. The Act lists several conditions for compliance that a business needs to follow, and if a company is found to be non-compliant, it could face a fine of up to 10 million Rand or 10 years in jail. So, non-compliance is unfortunately not an option!
Here are some useful sites to help you gain a better understanding of this topic:
To assess if your company is on the right track, ask yourself the following questions:
- Are you confident that your company is compliant with the POPI Act?
- Who in your business is accountable for POPIA compliance? Have you appointed an Information Officer to ensure accountability?
- Are your staff trained and aware of what is required of them? Do they understand the Act, and are they complying? Can you measure this?
- Can you prove that the personal data you collect is indeed required and that it is not excessive? If not, what measures are you taking to ensure your business is compliant within the next 12-month grace period?
- How are you handling the collection of personal information in your business? Is it stored securely?
- Can you seamlessly track and report on who has accessed records that contain personal information and how they have interacted with this data?
- Do you collect personal information from staff, contractors, clients, members or consumers, and if so, how are you collecting, using, sharing, storing and disposing of these records?
- Do you know the penalty associated with non-compliance?
- Do you have a POPI-compliant privacy notice on your website?
- Does your Covid-19 screening process comply with the POPI Act?
If you cannot confidently answer these questions, it may be time to contact Green Office to assist your business in building a sustainable business model by designing, developing and implementing a secure record retention and process management application that can make POPI compliance easier for you and your business.