Time is running out for South African businesses that are yet to comply with the Protection of Personal Information Act (POPIA), a consumer data privacy law which came into full effect on 1 July 2020. If you’ve been a little preoccupied with other things, now is time to kick-start your company’s POPIA compliance journey. Businesses that fail to comply with POPIA before 1 July 2021, whether intentional or accidental, may face administrative fines of up to R10 million.
Let’s avoid that, shall we?
POPIA Compliance in a Nutshell
POPIA outlines a set of conditions for the lawful processing of people’s personal information. It was established to keep personal consumer information protected by providing conditions for how public and private bodies may lawfully collect, process and manage people’s personal information. In so doing, POPIA ensures no unauthorised sharing of third-party data, while also protecting consumers against identity theft, fraud and similar breaches of private information.
Personal information can include anything that can be used as an identifier, such as full names, addresses, photos, video footage, voice recordings, biometric data, education and employment information, religious and political views, criminal records, private correspondence and so forth.
How Coffee Creative Studio Can Help
As a website owner, POPIA affects how you may use cookies, digital information gathering and online tracking of visitors from inside South Africa. One of the easiest ways to ensure compliance is a review and update of your site’s Privacy Policy, with full transparency as to how you intend to store and use the personal information collected. These terms should be made easily accessible on your website via a popup or banner – much like GDPR on European websites. If you break your privacy policy, you break the POPI act. Here are a few examples of POPI non-compliance at play:
Scenario 1: Contact Forms
You are collecting customer information online via digital contact forms. You receive several personal email addresses, which you use at various times to send business newsletters and communicate special offers. If the recipient has not consented to receive that newsletter, by law you are not allowed to send it to them. If you do, you have broken POPIA, and could be held liable should a complaint be lodged against your business.
Scenario 2: Sharing Information with Third Parties
Visitors to your website have granted permissions to use their information for future correspondence sent by your company. You then enter into a joint partnership or campaign with a separate business and share your private database’s information with that company, who then markets to your network. If people have not agreed for their information to be shared and used by a third party, you will have broken POPIA. Thus websites must outline all uses of private consumer data.
POPIA compliance does not need to be an expensive or labour intensive process. Once you have successfully updated your Privacy Policies, Coffee Creative Studio can update your website with the necessary amendments.
Don’t miss the deadline!
See related projects >