fbpx
26 June 2024

What are the Consequences of Not Having a Privacy Policy

Privacy Policy - Related 1

According to POPIA (Protection of Personal Information Act), not having a privacy policy could result in serious consequences for an organisation. Here are the key points:

  1. Section 100 of POPIA states that if a “responsible party” (i.e. an organisation) fails to comply with POPIA, it could face administrative action from the Information Regulator. This is known as the “enforcement notice” provision.
  2. Not having a privacy policy in place could be seen as non-compliance with POPIA, thus triggering the “enforcement notice” provision (Section 100).
  3. Not following an enforcement notice could result in an administrative fine from the Information Regulator (Section 100), which is a significant legal risk.
  4. Not having a privacy policy in place also opens an organisation up to facing civil claims from data subjects (i.e. individuals) for violating their privacy rights under POPIA (Section 100).
  5. The lack of a privacy policy also exposes an organisation to facing civil claims from data subjects for violating their privacy rights under POPIA (Section 100).

In essence, not having a privacy policy in place could open an organisation up to facing administrative action from the Information Regulator (Section 100) and civil claims from data subjects for violating their privacy rights under POPIA (Section 100). This is a significant legal risk for an organisation.

Citations:
[1] https://termly.io/resources/articles/south-africas-protection-of-personal-information-act/
[2] https://knowledge.propdata.net/what-happens-if-you-arent-popia-compliant
[3] https://popiachecklist.co.za/popia-non-compliance/
[4] https://www.cipc.co.za/?page_id=11876
[5] https://secureprivacy.ai/blog/south-africa-popia-compliance
[6] https://assets.ey.com/content/dam/ey-sites/ey-com/en_za/generic/ey-popia-report-2020.pdf
[7] https://www.werksmans.com/legal-updates-and-opinions/i-will-never-get-caught-the-consequences-of-non-compliance-with-popia/ [8] https://www.popiact-compliance.co.za/15-corporate/19-privacy-policy
[9] https://www.moonstone.co.za/department-of-justice-fined-r5m-for-non-compliance-with-popia/
[10] https://popia.co.za
[11] https://www.pkf.co.za/about-us/popia-privacy-policy/
[12] https://www.popiact-compliance.co.za/popia-information/17-conditions-for-lawful-processing-of-personal-information
[13] https://www.itweb.co.za/article/more-popia-fines-on-the-horizon-warns-inforeg/8OKdWMDXrVLMbznQ
[14] https://www.baileyhaynes.co.za/News/entryid/1932/consequences-that-business-face-if-they-are-not-popia-compliant
[15] https://www.masthead.co.za/popi-act-frequently-asked-questions/
[16] https://www.exceed.co.za/protection-of-personal-information-act-no-4-of-2013-popi-act/
[17] https://popia.co.za/protection-of-personal-information-act-popia/chapter-11/
[18] https://iapp.org/resources/article/popia-privacy-notice-and-compliance-checklists/
[19] https://www.popiact-compliance.co.za/popia-information/16-offences-penalties-and-administrative-fines
[20] https://popia.co.za/section-107-penalties/