Popi Act coming into effect – what do you need to know to avoid being fined
Romany Thresher chats with Mercia Flynn from Kisch IP Intellectual Property Services, about the new POPI Act. Kisch IP has been entrenched in the history of South Africa for 146 years, assisting clients from individuals to multi-national corporations in all sectors, by safeguarding their intellectual property rights, both locally as well as internationally, worldwide.
What is the Popi Act and what do companies need to know about it and what are the consequences of non-compliance?
This new act is to bring South Africa in line with global requirements of data protection. The POPI Act governs the collection of personal information of an individual or a company. For instance, all personal information from your opinions, geo location and all your personal information. It sets certain conditions for companies or individuals, who collect your personal data, to lawfully process this information.
Businesses will now have to process all personal information in compliance with the Act. There are hefty penalties for non-compliance from R1 million to R10 million as well as imprisonment of 10 years.
How does one become compliant with this new POPI act?
Firstly, one has to establish what personal data are you collecting and what requirements are necessary. For example, how are you collecting the data? Why are you collecting the data you are collecting and for what purpose?
- What are you going to be using this data for?
- How are you going to store it securely and what procedures you have in place to destroy it, once it’s not needed anymore?
- What security measures you have in place to secure data leaks?
- Are you transferring this date outside South Africa? Do you have a compliance Officer?
Do you have the necessary safeguards in place? Anti-virus, firewalls and only giving information on a need to know basis. Human intervention is responsible for all data leaks, so it’s vital that your staff is well trained and checked to ensure that they are not giving out personal information.
We often find it quite overwhelming that banks and other institutions gather our personal information and it’s a weight of responsibility for anyone to collect this information and keep it safe. What is required by banks and ecommerce is not the same as your local ‘mom and pop’ store.
What can practical steps can businesses take to ensure they comply?
All required persons should set up a POPI Act implementation plan. Every business needs a POPI policy of how it collects, processes, stores and deletes your information. It’s important that every company puts this policy on their website so it gives their clients a sense of security that that company is going to take proper care of your information.
What guarantees do we, as the general public, have that your information will not be sold to a 3rd party?
Under this new Act, it is illegal for anyone to sell your information on to a 3rd party. However, in certain instances, one company has to work with another company but you still remain responsible for any breeches of information leaks. That’s why it’s important to ensure that you have an indemnity clause with your other parties. This means that you will be able to recoup any losses, should the policy be breeched by your associates. The good news is that data privacy laws are international. You also have the right to audit the systems of your service providers. Are they compliant?
The consumer must always give consent to allowing their data to be used and you must have an ‘unsubscribe’ button. All lists by consumers who don’t wish to be contacted must be scrubbed from your system.
Of concern are lists that patrons are required to fill in at restaurants, hairdressers, shops and places they visit, where they take your personal details and temperature. How are these lists being disposed of?
It’s important that businesses engage the services of a reputable lawyer who can assist you with compliancy. So if you’re feeling like you can’t see the wood for the trees and need help with the POPI Act, you can contact Kisch IP, who will be more than happy to assist you with the process from start to finish.
Romany Thresher is a strategic thinker and natural connector with a talent for identifying opportunities for your business or venture.
Organising, and overseeing your online digital systems and processes for your webinars and virtual events. Website set up, email communications, social media marketing and set up registration and feedback processes. Ensuring that you collect the necessary information to help you obtain a better understanding of your customer’s expectations.
Romany adds value to your business always being on the lookout for new opportunities to connect like-minded individuals who can add value to each other for a mutual benefit. Assisting you in online networking, lead generation, and giving you ideas and strategies to develop relationships with key stakeholders, sponsors, partners, and suppliers in your industry. Working in the background so you don’t have to.
What do you need to implement and upgrade in your life and in your business and who do you need to align yourself with so that you and those you work with and collaborate with can make a positive impact in your collective environments and communities?
Let’s find out!