POPI stands for the Protection of Personal Information Act (No. 4 of 2013).
The act was signed into official law on November 19, 2013. And parts of it became effective only on April 11, 2014.
When the Act was passed into law, it came embedded with a grace period of 12 months. The intention was for businesses to reimagine and update their systems and processes.
Provided that it takes an average of six months-to-two years to implement a POPI-compliant plan, the IR (Information Regulator) emphasizes that businesses must already be preparing themselves, even without a formal launch date in sight. This, of course, also means that it is an opportunity to be educated as individuals and businesses on the intricacies of the laws that affect us.
It is a chance to galvanize us, and our teams around to work together to inspire and maintain transparency.
And in its very essence, the POPI Act inspires the conditions for the lawful processing of personal data of South African citizens.
The Act contains eight general conditions, listed below.
- Processing limitation
- Purpose specification
- Further processing limitation
- Information quality
- Security Safeguards
- Data subject participation
If you’re familiar with the European Union’s General Data Protection Regulation (GDPR), then it’s easier to draw a parallel to POPI as the South African type of European regulation. And as with its European counterpart, POPI makes responsible parties culpable for failures among those who process data on their behalf.
The act also provides South Africans with rights regarding unsolicited electronic communications. Historically, the sector (especially with the fast acceleration of digital platforms) has gone without accountable and regulation.
POPI is different from other privacy laws in different ways. The biggest difference centers on consent. POPI does not require you to get consent from data subjects before processing their data.
The only case in which consent is required is when processing special types of data and the data that belongs to children.
The POPI Effect: benefits of the Act
- When and how you choose to share your information demands your consent.
- The type and extent of information you choose to share must be collected for valid reasons.
- Transparency and accountability on how your data will be processed and proper notification if or when the data is compromised.
- Granting you access to your information as well as the right to have your data removed or destroyed if you that is what you intend to do.
- Who has access to your information, i.e. there must be adequate measures and controls in place to track access and prevent unauthorised people, even within the same company, from accessing your information.
- Storage. There must be sufficient processes in place to guard your information from theft, or being compromised in any way.
- The integrity and continued accuracy of your information is of paramount importance. Your information must be captured accurately and when stored, the organisation is responsible to maintain it.
As usual, ignorance of the law is no excuse. Incorporating POPI into the day-to-day operations of a business will most likely require a significant amount of time and effort, including: educating and training staff, updating business processes and implementing or updating technology solutions.
To that end, we offer 24/7 Servers Monitoring (real-time). Cloud monitoring enables a 24/7 holistic IT environment monitoring that is quick, efficient and proactive, so that you can focus on running your organisation at optimal performance, consistently.
When it comes to staying on the safe aside of data processing, taking swift action is crucial. Consider for example that under the POPI Act you could be breaking the law if you do something as simple as synchronising your contacts on your phone, sending an email with sensitive content, taking and sharing a video or photo, using an international mail provider.
In the course of doing business and sending communications, there is a possibility of data breaches.
It’s crucial that the business is able to protect data and keep applications running in the event of a service outage. Any type of downtime will have an impact on your organisation’s financial, legal or reputational components.
Our service supports your business requirements for the on-going operation of applications and data processing.
For more information, visit our website for a full range of what we offer.