The eventual heralding of POPIA
With President Ramaphosa’s announcement that a large swath of substantive provisions from the Protection of Personal Information Act 4 of 2013 (“POPIA”) will commence from 1 July 2020, the dawn of proper data protection has arrived in SA. This is not too soon, as people are finally recognising not only the immense value and power of personal information, but also the simultaneous dangers same data processing poses for everyday people.
A complete legal overhaul for protecting valuable data
The commencement of the POPIA provisions is truly a massive shift in everyone’s obligations relating to the personal information they handle multiple times every single day. You may not have thought about it, but almost every single engagement you may have with anyone, be it a person or company, involves a constant stream of personal data exchange; either about people or companies. As such, just like all companies had to undertake an almost complete overhaul to their systems when the new Companies Act commenced in 2008, or when consumer relations and rights changed fundamental ways businesses engaged with its consumers with the new Consumer Protection Act of 2008, POPIA heralds another huge shift in corporate and personal responsibilities.
POPIA and other data laws’ essentials
Whilst POPIA compliance my seem extremely daunting to processors of personal data, it can actually be summarised into 3 main focuses, being:
- The satisfaction of a large range of internal systemic data handling requirements within your operation (what we call the “Actions”); and
- The correct and timeous implementation and provision of all applicable Policies and terms to your data subjects, whether IRL or online.
Further, it is also prudent for all processors of personal data to ascertain if, in conjunction to being governed by POPIA, their processing of personal data may also be subject to foreign data laws which can simultaneously apply, such as the EU’s General Data Protection Regulation (“GDPR”), which is essentially POPIA’s scarier and bigger cousin. Processors should also be aware of the UK’s Data Protection Act (“DPA”), as well as California’s Children’s Online Privacy Protection Rule (“COPPA”).
Getting compliant, and fast
The pending full and proper commencement of POPIA in SA therefore represents a huge shift in the operational requirements for companies, including consequences for its operations, staffing, running costs and even its Terms of Engagement with clients. Lastly, the sanctions for non-compliance are also substantial, so if a person is not incentivised to comply with POPIA in order to remain attractive and safe to its data-savvy customers, the ever-present threat of enforcement sanctions should shock them into complying.
Come to Legalese with all of your data and privacy compliance needs, where after having assisted hundreds of operations with data compliance before, we are poised to assist you practically, cost effectively and as simply as possible!
Thomas Reisenberger – 31 July 2020
Have any questions? Drop us a message below and we’ll be in touch!