Three things you may not know about POPIA

The basics of South Africa’s Protection of Personal Information Act (POPIA or POPI Act) are becoming common knowledge in the business world, but a few points are less well known and will be useful for those who already know they need to comply with the privacy regulation.

Determining a breach

Under POPIA any unauthorised access to personal information is regarded as a breach. So, even if nothing is actually done with the information that’s been accessed without authorisation it’s still treated as a breach and you have to inform data subjects.

However, under POPIA, a breach isn’t necessarily regarded as non-compliance. If you can show that you’re taking reasonable steps to avoid a breach then you’ll still be considered compliant. It’s therefore vital to show proof of compliance activity such as training employees in cyber awareness and having a good cyber security strategy.

Outsourcing compliance

While it is wise to get help with your POPIA compliance from a dedicated software provider, you can’t outsource your compliance totally because no provider can ensure against negligence or inhouse illegal activity. As part of your compliance strategy you need to be able to show that you have security checks and measures in place to detect what software won’t be able to pick up.

Considering fines

POPIA requires an ongoing commitment to data protection – it’s not a one-off exercise – therefore one can’t opt to rather pay a fine than become compliant because the penalties for non-compliance are steep.

It would be easier to become compliant than face a maximum fine of R10 million or a prison sentence of up to 10 years, or both, for serious offences. For less serious offences there’s the possibility of a fine and a prison sentence of up to 12 months, or both. There’s also the risk of a damaged reputation that would come from clients/suppliers knowing that their data isn’t safe with you.

Ask us any questions about POPIA and we’ll help you.

Talk to us about POPIA

Step 1 of 2

  • Sign up for your
    Free Trial

    Please complete the form to sign up for your free trial. For all our other products, please contact us for a consultation.

  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

The reseller zone is currently out getting a facelift as we look to integrate it with our backup platform, as it stands you can overview your clients on our new backup console. If you don't know what console that is, please reach out to us.

  • Hidden
  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

  • I have read and understand IronTree Internet Services (Pty) Ltd's privacy notice.

We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.