How to ensure your business is POPI compliant

The Protection of Personal Information Act (POPI) was signed into law on 26th of November 2013 and is a piece of legislation designed to protect any personal information that is processed by both private and public bodies, including the government. POPI will affect every person or business that stores, collects, uses or otherwise modifies personal information.

The benefits of POPI

POPI requires that all personal information (IDs, health records, religion, employment records, sexual orientation etc.) remain confidential, and organisations need to identify where this information is held and take steps to protect it. Organisations preparing for POPI can use this opportunity to achieve:

  • Improved data quality

Businesses will need to look at collecting and harnessing data in an ethical and legal manner, which will restrict the use of bought ‘spam’ email lists and ensure a better quality of organisational data – which in turn will lead to sound decision making.

  • Improved business management

As businesses put measures in place to ensure that information is ethically sourced, processed and stored, an opportunity is created to improve current business processes and harness efficiencies.

  • Better customer relationships

POPI is all about the customers. Businesses and organisations that are able to confidently reassure customers that their personal information is securely protected are a long way down the road to creating better customer relationships.

When will the POPI Act come into effect? 

Despite the POPI Act being signed into law in 2013, it is not yet effective, as a commencement date has not been established. It is however predicted that 2018 will be the year the Act comes into effect, following on from the appointment of a Regulator and the issuing of draft Regulations for public comment.

How to prepare for POPI

POPI compliance will impact on the technology, software and manner in which your business processes personal information. Personal information may only be used for the purposes agreed with your customers and employees. This means that marketing by means of unsolicited e-mail is prohibited, and organisations will need to implement opt-in and opt-out strategies. Personal information can also no longer be stored indefinitely but may only be retained for as long as necessary.

In order to prepare for POPI a business needs to:

  1. Determine where it currently stands with regard to protecting the privacy of customer and user information.
  2. Conduct a POPI gap analysis to pinpoint its POPI compliance gaps and areas for improvement.
  3. Create the necessary structures and systems, built on the right software, to ensure the practical implementation of privacy controls that will keep the business compliant with the POPI Act.
  4. Lastly, ensure continued compliance with POPI by implementing the necessary controls to ensure that privacy is always being optimised in accordance with the POPI Act.


How GGD can assist your business to comply with POPI

Preparing for POPI will be a challenge for many medium-sized businesses that do not have the systems that large corporates do. GGD can assist your business with identifying your specific risks for POPI compliance. Our software consultation team will then assist you with selecting the correct software and implementing the right systems and necessary controls to mitigate these risks. For more information, speak to our software consultation team today.

