Your business and the POPI Act – are you compliant?

By now, most organisations are aware that the Protection of Personal Information Act 4 of 2013 (POPIA, “the Act”) is in effect and requires all businesses that process personal information to comply with the Act’s eight conditions for lawful processing by 1 July 2021.

Rob Russell of Labour Advice & Dispute Resolution explains, “Personal information and processing is widely defined in the Act. Personal Information refers to any information that is capable of identifying a living person or existing juristic person, including contact details, biographic details, medical information, financial information, criminal information, employment information, educational information, biometric, opinions, preferences and geolocation.”

Russell points out that an organisation which processes any information pertaining to minors, or to a person’s religious or political beliefs, criminal behaviour, biometric information, race, health or trade union membership, is processing special personal information, and compliance with each condition becomes more onerous.

The first port of call for any organisation is to consider the role of the information officer, who must be registered with the Information Regulator (www.justice.gov.za/inforeg/portal). “For a private company, the information officer will be the CEO, or a person duly authorised by the CEO for that purpose. Published on 14 December 2018, the POPIA regulations extend the information officer’s duties, and impose certain mandatory responsibilities. The role of information officer is therefore a critical role, and not something that can be dealt with lightly.”

Russell elaborates that there are eight conditions for the lawful processing of personal information according to POPIA, and your business should now have ensured that it can meet all of these eight conditions.

Accountability – your business is responsible for ensuring the conditions for lawful processing are met.

Processing limitation – your business must process personal information lawfully, minimally, in accordance with the consent, justification and objection provisions, and with the data subject’s consent, unless certain exceptions apply.

Purpose specification – your business must process personal information for a specific purpose and adhere to the retention and restriction of records provisions in POPIA.

Further processing limitation – further processing of information must be compatible with the purpose of collection.

Information quality – your business must take reasonably practicable steps to ensure that personal information is complete, accurate, not misleading and updated.

Openness – your business must maintain the documentation of all processing operations under its responsibility and take reasonably practicable steps to ensure that the data subject is aware of certain information.

Security safeguards – your business must: (i) secure the integrity and confidentiality of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures; (ii) in terms of a written contract, ensure that the operator which processes personal information for the business establishes and maintains security measures; and (iii) as soon as reasonably possible after the discovery of a compromise, notify the Information Regulator and the data subject.

Data subject participation – your business must allow a data subject to access and correct its personal information. Your business may also be required to correct, delete or destroy personal information.

A manual in terms of section 51 of PAIA is also required. The manual must be lodged with the Information Regulator and it must be made available on the company’s website.

Non-compliance can lead to 10 years’ imprisonment or a fine of R10 million, or both.
