As we write this, the Protection of Personal Information Act 4 of 2013 (POPIA) fully becomes effective and legally sanctioning in less than two months.
The grace period to allow all entities that gather and process personal information to comply is fast coming to an end and thereafter all are required and expected to have complied fully with the requirements of the POPIA.
Of course, there is a sanction for failure to do so, ranging from financial penalties of up to R10 million, to imprisonment depending on the gravity and blameworthiness of the breach.
The right to privacy is protected under section 14 of the Constitution, and data collecting and processing entities need to see the seriousness in that light.
At a time, economically, when most organisations would do with every cent in their reserves and the innovation of their human resources, preventing any breach of POPIA is definitely better than curing it.
Here is a basic guide on how to achieve that in no rigid order:
The nature, purpose, and procedures of collecting and processing personal information differs from one organisation to the other, and therefore the above is a general guide.
Each organisation is advised to seek the services of specialists who can advise and assist in the implementation process as per the organisation’s requirements and operational models.
The deadline of 1 July 2021 is fast approaching, although this may (though unlikely) be extended for specific categories of personal information by a further three years should ample reasons to do so be glaring.
The established Information Regulator is responsible for the implementation and enforcement of POPIA and its requirements and, being a creation of statute, its authority is of legal force.
The coming into operation of POPIA and its regulations should be met with a sigh of security by data subjects, who will definitely benefit from the protection of their right to privacy fully knowing that the responsibility to collect, store, process and obliterate their personal information is now one enforced by law with hefty penalties for non-compliance.
POPIA’s purpose is entrenched in section 2 which provides that the Act seeks to “give effect to the constitutional right to privacy, by safeguarding personal information when processed by a responsible party, subject to justifiable limitations.”
Practically POPIA applies in a supplier, consumer, full time or part time employment, business, membership, contractual, third party or any other relationship where personal information has to be collected and processed for a purpose.
By implication this gives data subjects more control over their information and the purpose for which that information will be processed.
Our able team is fully capacitated to comprehensively assist organisations to develop and implement data collection and processing systems that are compliant with the requirements of POPIA to avoid hefty penalties, critical in the harsh economic times prevailing.
Contact us for more information.
The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter. One should not act or refrain from acting on the basis of any content included in this site without seeking legal or other professional advice. The contents of this site contain general information and may not reflect current legal developments or address one’s peculiar situation. We disclaim all liability for actions one may take or fail to take based on any content on this site.
Subscribe to our Newsletter
Estate Agent Training
Bond & Transfer Calculator
Get the latest updates in your email box automatically.