The Protection of Personal Information Act (POPI) was signed into law on 26 November 2013 and is a piece of legislation designed to protect any personal information that is processed by both private and public bodies, including the government. POPI will affect every person or business that stores, collects, uses or otherwise modifies personal information.
POPI requires that all personal information (IDs, health records, religion, employment records, sexual orientation, etc.) remain confidential, and organisations need to identify where this information is held and take steps to protect it. Organisations preparing for POPI can use this opportunity to:
Businesses will need to look at collecting and harnessing data in an ethical and legal manner, which will restrict the use of bought ‘spam’ email lists and ensure a better quality of organisational data – which in turn will lead to sound decision making.
As businesses put measures in place to ensure that information is ethically sourced, processed and stored, an opportunity is created to improve current business processes and harness efficiencies.
POPI is all about the customers. Businesses and organisations that are able to confidently reassure customers that their personal information is securely protected are a long way down the road to creating better customer relationships.
Despite the POPI Act being signed into law in 2013, it is not yet effective, as a commencement date has not been established. It is, however, predicted that 2018 will be the year the Act comes into effect, following on from the appointment of a Regulator and the issuing of draft Regulations for public comment.
POPI compliance will impact the technology, software and manner in which your business processes personal information. Personal information may only be used for the purposes agreed with your customers and employees. This means that marketing by means of unsolicited e-mail is prohibited, and organisations will need to implement opt-in and opt-out strategies. Personal information can also no longer be stored indefinitely, but may only be retained for as long as necessary.
Preparing for POPI will be a challenge for many medium-sized businesses that do not have the systems that large corporates do. GGD can assist your business with identifying your specific risks for POPI compliance. Our software consultation team will then assist you with selecting the correct software and implementing the right systems and necessary controls to mitigate these risks. For more information, speak to our software consultation team today.