The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks of non-compliance include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect important data.
The way we live is becoming more digital. Our personal information is no longer only in our ID books and papers kept in a safe. Our core communication, banking and shopping can now be done on digital platforms. It is therefore important that businesses keep their clients' information protected by law.
The POPI Act is an incredibly complex and multilayered set of regulations that ensure that all the information a person hands over to another party is handled with care and not used for malicious purposes. The punishment for not adhering to the Act isn’t simply a slap on the wrist, but could, in the worst-case scenario, result in imprisonment of between 10 and 12 years.
The management of data is a time-consuming and costly task, especially for small businesses with restricted budgets. For many large corporations that handle an abundance of personal data, such as banks and financial institutions, storing and managing data onsite is the most viable solution. They can afford the physical hardware and the resources and manpower to maintain the information networks, which makes it much easier to keep up with new regulations.
Understand to what extent Personal Information is processed with existing policies in place, which can be compared to the requirements of the POPIA. This gives us an indication as to where we stand and the required steps that should follow.
With an idea of the extent of requirements needed, we can now identify stakeholders, a sponsor, and a project manager who will be responsible for the project management triangle (Budget, Scope and Time).
Every business needs an Information Officer who will take accountability and responsibility for all valuable data within the organisation. You also need to ensure that appropriate training is provided to all staff members.
Based on the outstanding requirements and understanding the internal Personal Information lifecycle, reasonable and appropriate measures must be put in place to ensure ongoing compliance.
Change naturally brings resistance; however, the protection of personal information is a worldwide concern and, quite frankly, it is not going anywhere. We should foster the change of POPIA as the new business norm.
As with all regulatory or requirement tools in existence, there is no guaranteed method of achieving the desired results, as one has to take into account many environmental variables. What we offer is an information management tool which is built on some of the world's most cutting-edge technologies with the intention to resolve some of business's most painstaking tasks.