Protection of Personal Information Act (“POPIA”) Compliance

Parliament assented to the Protection of Personal Information Act of 2013 (“POPIA”) on 19 November 2013. The commencement date of section 1, Part A of Chapter 5, section 112 and section 113 is 11 April 2014. The commencement date (as per section 115) of the other sections is 1 July 2020 (with the exception of sections 110 and 114(4)). The President of South Africa has proclaimed the POPIA commencement date to be 1 July 2020 and all provisions come into effect one year thereafter.

Setting the standard for the protection of personal information, POPIA is a new, all-inclusive piece of legislation that safeguards the integrity and sensitivity of personal information.

POPIA requires a Responsible Party, which includes a natural or a juristic person in the form of a public or private body, to protect the personal information (see the definition below) collected in respect of any person, defined in the Act as a Data Subject. Organisations should be considering what personal information they capture, how it is managed, processed and stored, and how best to secure the personal information within the day-to-day operations of the organisation, in accordance with the framework set out in the Act.

All organisations are required to be compliant with the provisions of POPIA and the regulations published in this regard by 1 July 2021.

“personal information means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to:

  1. information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person;

  2. information relating to the education or the medical, financial, criminal or employment history of the person;

  3. any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier or other particular assignment to the person;

  4. the biometric information of the person;

  5. the personal opinions, views or preferences of the person;

  6. correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;

  7. the views or opinions of another individual about the person; and

  8. the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;”

Non-compliance with the provisions of POPIA may leave your organisation guilty of committing an offence, the consequences of which are far-reaching and include exposure to penalties in the form of a fine up to a maximum of R10 000 000.00 or imprisonment for a period not exceeding 10 (ten) years, or both a fine and imprisonment, and lesser penalties for less serious offences.

Contact us today to enable us to ensure your organisation's full compliance before 1 July 2021.

We can assist you with the following:

  1. providing general advice regarding POPIA;

  2. ensuring that adequate measures and standards exist within your organisation in order to comply with the mandatory conditions imposed by POPIA for the lawful processing of personal information;

  3. the appointment of an Information Officer within your organisation;

  4. compilation of a compliance framework tailored to the needs of your organisation which must be developed, implemented, monitored and continuously maintained;

  5. developing a privacy policy and manual specific to your organisation and assistance in ensuring your organisation's compliance therewith;

  6. drafting of a data processing agreement between your business and third-party operators;

  7. drafting of ancillary documents as prescribed;

  8. supplying you with all relevant forms;

  9. assistance with developing internal measures together with adequate systems to process requests for information or access thereto;

  10. assistance in raising internal awareness regarding the provisions of POPIA, the regulations, codes of conduct, or information obtained from the Information Regulator;

  11. alerting you to future developments regarding data protection compliance in the form of newsletters;

  12. providing ongoing advice when doubt arises as to whether information is sufficiently protected and as to potential breaches thereof;

  13. assistance with complaints referred to the Regulator.

- Domonique Ramos | 07 June 2021
