On 1 July 2021, the Protection of Personal Information (POPI) Act officially comes into effect. The purpose of the POPI Act is to protect the right to privacy of every person as enshrined in Section 15 of the Bill of Rights contained in our constitution. To accomplish this, it outlines eight principles that South African data processors must follow.
Each principle encourages responsibility, security, and consent. It also provides special protections for distinct categories of data relating to people.
What does POPI mean for South African businesses and data processors? Keep reading to learn what POPI includes and learn how to comply with its provisions.
What is POPI?
POPIA is shorthand for the Protection of Personal Information Act No. 4 of 2013.
The Information Regulator advises that businesses should already be preparing, given that it takes six months to two years to implement a POPI-compliant plan.
In essence, the POPI Act provides the conditions for the lawful processing of personal data of South Africans (both South African citizens and those living in South Africa). It includes eight general conditions and three less descript conditions.
POPI makes responsible parties culpable for breaches among those who process data on their behalf.
It also provides South Africans with rights regarding unsolicited electronic communications.
For most South African companies, the biggest change was the introduction of restrictions for processing special types of personal information. The marketing, healthcare, and the financial industry are among the most affected, but don’t let that make you think that Community Schemes are exempt.
Who does POPI apply to?
POPI applies to all public and private bodies who are either domiciled in the Republic of South Africa or who are domiciled elsewhere and process the personal information of both South Africans and persons living in South Africa.
“Automated” refers to using equipment that processes information automatically according to a data processor’s instructions.
POPI regulates your business’s use of personal information. According to the text, personal information is:
“information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.”
The POPI Act’s Eight Conditions for Lawful Processing
POPI issues its rules for using South African data in Chapter three. It refers to these rules as conditions, and they largely cover what data you collect, what you can do with the data, and how you protect both the data and the data subject.
POPI includes eight conditions for lawful processing including:
- Accountability
- Processing limitation
- Purpose specification
- Further processing limitation
- Information quality
- Openness
- Security safeguards
- Data subject participation
Leigh-Anne Harrison goes into detail on these 8 conditions in the below webinar:
How to Comply with South Africa’s POPI Act
If you process data in South Africa, then you have an obligation to comply with POPI. But what does that mean in practical terms.
The principles of compliance mean you must:
- Obtain consent before collecting data (or processing, storing, or sharing it)
- Be sure to only collect data needed for legitimate purposes
- Use the information in a way that matches the purpose of collection
- Take reasonable security steps to protect the integrity of the information
- Store the information only as long as required
- Uphold data subjects’ rights by providing access and corrections to information
- Create policies to notify the Regulator about your processing activities, such as a Privacy Policy
Are You Ready for POPI?
Ultimately, if you process data fairly, ethically, and safely, then POPI is unlikely to require dramatic changes to your Community Scheme. However, a gap assessment and risk assessment is advisable to tell you what comes next and how to steer your organisation towards POPI Compliance.
We offer FREE resources to assist you with implementing POPI in your Community Scheme:
Read more about the POPI Act here:
Read more about the PAIA Act here:
Make POPI rules in your Community Scheme legal with our FREE policy – Download a copy here:
Make POPI implementation easy with our FREE plan. – download your copy here:
Make PAIA implementation in your Community Scheme easy with our FREE policy – download your copy here:
