So much of our lives has become digital, from shopping and banking to watching movies and, more importantly … working, that there’s a heap of our personal information stacking up in cyberspace every day.
The fast-growing digital economy and the escalation of personal data creation has jump-started governments worldwide to introduce data privacy regulations. This, in an effort to keep people safe by protecting their personal information.
The main purpose of South Africa’s Protection of Personal Information Act (POPIA) is to uphold a basic human right, that of protecting people’s privacy while helping to stop their money or identity from being stolen.
What does POPIA mean for business?
To be compliant with the relevant privacy law, businesses are having to adjust, or entirely change, their systems to ensure the personal information they collect, process, keep or share is protected against loss and misuse.
For many businesses this will mean:
- Documenting how personal information is processed as it moves through the business
- Restructuring how they handle information
Understanding how POPIA will impact their email and direct marketing strategies
- Implementing digital cyber security to protect their data
- Installing a business continuity solution
- Using compliance software to manage, and keep track of, their compliance status
Like other data privacy regulations around the world, such as Europe’s General Data Protection Regulation (GDPR), POPIA stipulates certain conditions for the processing of personal data. These are:
- Personal information must be accurate and relevant and processed in line with the Act.
- A person must have given informed and specific consent for the information to be processed.
- The information can then only be collected for that specific purpose.
- The information can’t be used for another purpose unless consent is given for that.
- The information needs to be complete, accurate, not misleading and updated when necessary.
- Safeguards must be put in place to protect the information’s integrity and security.
- The data subject must be able to request the information and have it deleted or changed if they choose.
- The information must be protected against the loss, unlawful access, interference, modification, unauthorised destruction and breach.
POPIA compliance may seem a daunting task, but there’s comprehensive compliance software out there to help you achieve and manage your ongoing compliance. Good software will include tools to:
- Demonstrate compliance
- Manage compliance tasks, including:
- data mapping
- data protection impact assessments (DPIA)
- operator agreements
- data sharing
- subject access requests
- Collaborate with colleagues
The POPIA Act has a one-year grace period, which means that it’s only by 1 July 2021 that businesses need to be showing their compliance with it.
If you need help with your data mapping or any aspect of compliance, chat with us.