Your business and POPIA: 1 JULY IS NEAR
Advocate Tlakula, chairperson of the Information Regulator, confirmed that the one-year grace period given to South African organisations to comply with the Protection of Personal Information Act (POPIA) will not be extended. This means businesses must be compliant by 1 July 2021.
As a business owner, you are likely to have been inundated by fear-inducing media reports confirming that businesses that are not compliant by the due date, regardless of whether it is intentional or accidental, will face severe penalties. The Act does indeed make provision for fines of up to R10 million and a jail sentence of up to 10 years, depending on the seriousness of the breach. POPIA’s aim, however, is not to punish but rather to establish good business governance principles with regard to the personal information that businesses deal with.
So, when planning your business’s compliance journey, keep the Nike strapline in mind: Just Do It. This is best achieved through knowledge and understanding of the requirements of POPIA, rather than being fuelled by threats of financial penalties and reputational damage.
POPI, in the simplest terms, sets out ways in which businesses must deal with the personal information that they hold. This includes the personal details of their employees, as well as the personal details of their customers, clients and service providers, whether the customers and clients are individuals or other businesses/entities.
No matter the size of your business operation, you will hold (i.e., record) details of your customers, employees and third parties that provide services to you, online or on paper. As such, you should now take steps to make sure the information is safeguarded as required by POPIA, so that you are compliant when the Act becomes enforceable in July 2021. The following upcoming publications will elaborate on this aspect in detail:
Complying with POPIA is a requirement for most businesses, no matter their size: how?
Step up IT security to comply with POPI;
Ensuring compliance with POPIA is not an IT responsibility;
Debunking the one-size-fits-all approach to complying with POPIA;
Complying with POPIA is more than just red tape.