Business | KVV Inc

July 2, 2021

Business, Information Technology Law / Cyber Law, Property

11 POPIA Questions to Ask Yourself Before 30 June 2021

Note: This is a complex topic and there is no substitute for tailored professional advice. What is set out below is of necessity no more than a simplified summary of some practical highlights.

You and your business are at substantial risk if you aren’t fully compliant with POPIA (the Protection of Personal Information Act) on 1 July 2021.

The clock is ticking! Have a look at the Information Regulator’s Countdown Clock here to see exactly how many days (and hours, minutes, and seconds!) you have left.

Be ready! Be compliant! Ask yourself these eleven questions –

Does POPIA really apply to us? As soon as you in any way “process” (collect, use, manage, store, share, destroy and the like) any personal information relating to a “data subject” (suppliers, customers, members, employees and so on – whether individuals or “juristic persons” such as corporates and the like), you are a “responsible party”.The formal definition of a responsible party is “a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information” – very few businesses and organisations will fall outside that net. Equally you are unlikely to fall under exemptions such as that applying to information processed “in the course of a purely personal or household activity”.But don’t panic –. compliance is easily attainable for most businesses, particularly if you are a smaller operation with little in the way of sensitive personal information. Answer the questions below to get a feel for areas you need to concentrate on now.
What risks do we run if we don’t comply with POPIA? If a data subject suffers any loss as a result of your breach of POPIA, the subject (or the Regulator at the request of the subject) can sue you for damages and you will be liable even if your breach was unintentional and not negligent. You also face criminal prosecution, penalties and administrative fines for some breaches.
Have we registered our Information Officer/s? You must register your Information Officer (“IO”) with the Information Regulator – go to the Regulator’s Online Portal for the online and PDF versions of the registration form, plus the email address for support enquiries and a link to the Search page. The IO is responsible (and liable) for all compliance duties, working with the Regulator, establishing procedures, and the like. You are automatically your business’ IO if you are its “Head” i.e., a sole trader, any partner in a partnership, or (in respect of a “juristic person” such as a company) the CEO, MD or “equivalent officer”. You can “duly authorise” another person in the business (management level or above) to act as IO and you can designate one or more employees (again management level or above) as “Deputy Information Officers”.
Do we have a list of all personal information we hold, and how and why we hold it? Make a full list of all the personal information you hold/process, whether physically or in electronic form. Then evaluate it against the test that, to collect and “process” personal information lawfully, you need to be able to show that you are acting safely, lawfully, and reasonably in a manner that doesn’t infringe the data subject’s privacy.You must show that “given the purpose for which it is processed, it is adequate, relevant and not excessive”. Data can only be collected for a specific purpose related to your business activities and can only be retained so long as you legitimately need to (or are allowed to) keep it for that purpose.
What security measures do we have in place? You must “secure the integrity and confidentiality of personal information in [your] possession or under [your] control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, damage to or unauthorised destruction of personal information … and unlawful access to or processing of personal information.”You are at great risk of liability and penalties if you suffer any form of data breach from a risk that is “reasonably foreseeable” unless you can prove that you took steps to “establish and maintain appropriate safeguards” against those risks. If you haven’t already done so, brainstorm with your team all possible internal and external vulnerabilities (physical as well as electronic) and address them.
Do third parties hold/process personal information for us? If third parties (“operators”), hold or process any personal information for you, they must act with your authority, treat the information as confidential, and have in place all the above security measures. Further restrictions apply if the third party is outside South Africa.
Do we know what to do if we suffer a breach? Any actual or suspected breaches (called “security compromises” in POPIA) must be reported “as soon as reasonably possible” to both the Information Regulator and the data subject/s involved.
Do we do any “direct marketing” and if so do we comply with all requirements? Most businesses don’t think of themselves as doing any “direct marketing”, but the definition is wide and includes “any approach” to a data subject “for the direct or indirect purpose of … promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject…”. So for example, emailing or WhatsApping your customers about a new product or a special offer will put you into that net.If your approach is by means of “any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail”, you must observe strict limits. Whilst you can as a general proposition market existing customers/clients in respect of “similar products or services” (there are limits and recipients must be able to “opt-out” at any stage), potential new customers can only be marketed with their consent, i.e., on an “opt-in” basis. They can be approached only once for that consent so keep a record of everyone you have asked.
Does our website use cookies and if so do we have a cookie notice and policy in place? As countries around the world ramp up their privacy laws, we will all see many more examples of “cookie notices” on websites we visit. You may wonder how your own website should be configured, and the short answer is that if it uses cookies (almost all do), POPIA very likely applies despite the fact that there is no specific mention of cookies in the current legislation. Bottom line – to be on the safe side, have a cookie notice and policy in place. Keep yours simple and user-friendly.
Do we have a privacy policy and a POPIA manual in place? POPIA – unlike PAIA (the Promotion of Access to Information Act) – doesn’t require you to have a POPIA manual in place but in larger businesses it is certainly a good idea to prepare one.However you should certainly have a privacy policy in place. Make sure that everyone in your organisation is aware of it and of how critical it is to comply with it at all times.
Is our staff team ready? Check that everyone in your business understands your compliance plan and their own individual roles and responsibilities in it. Make sure that nothing falls through the cracks – assign specific tasks to specific staff members.

Bodies Corporate and Homeowners Associations – how POPIA affects you

Bodies Corporate and Homeowners Associations (HOAs) fall into the POPIA compliance net and should be asking themselves the questions above.

In assessing what personal information you hold, how and why you hold it, and who you are sharing it with, remember to include not only scheme owners and HOA members but also your auditors, attorneys, managing agents, the CSOS (Community Schemes Ombud Service), security service providers and the like.

If you have gate security in the form of visitor registers, scanning of licence plates and driver’s licences and so on, be ready to address questions around having lawful reason for collection and retention of all the personal information you are gathering in this manner.

Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.

January 13, 2021

Business

0 Comments

Your Website of the Month: Starting a Business in 2021

Whether 2020’s lockdown gave you a great idea for a new business, put you out of a job, or killed your old business, 2021 may well be a year full of new opportunities. If the excitement and rewards of entrepreneurial life appeal to you, have a look at “Starting a Business” on the Small Business Site here for checklists and articles like –

“#20Lessons20Years”,
“Small business compliance guide”,
“Where can I register my company in South Africa”, and so on.

Your first port of call however should always be your lawyer – not only are there important legal requirements to consider before you start up, but you need to choose the right vehicle and structure for your business (sole trader, partnership, company, trust etc) upfront.

December 17, 2020

Business

0 Comments

What Must You Prove to Remove a Trustee?

“…where there is disharmony, the essential test is whether it imperils the Trust estate or its proper administration” (extract from judgment below)

Trustees are of course supposed to work together to protect and further the interests of their trust and its beneficiaries, but the fact is that on occasion serious disputes can and do arise.

If settlement negotiations fail and if there is no alternative but to forcibly remove a trustee our courts have the power to do so, on the application of either the Master of the High Court or of “any person having an interest in the Trust property”.

What must you prove for removal?

As to the grounds on which a court will agree to remove a trustee, a recent Supreme Court of Appeal (SCA) judgment confirms that “loss of mutual trust and respect does not, without more, translate to a ground for the removal of a trustee, or to a conclusion that the Trust property has been imperiled [Put at risk of being harmed, injured, or destroyed]. It must further be established that, as a result, the Trust property has been imperiled or the administration of the Trust and the management of its property are at risk. That is a factual enquiry …The determinative test is always whether any state of affairs – be it incompetence, misconduct, incapacity, or lack of trust and respect among trustees or beneficiaries – has resulted in the Trust property or its proper administration being placed at risk.” (Emphasis supplied).

Importantly the Court added that in exercising its power to remove a trustee, “the courts do so with circumspection”.

Your work, in other words, is cut out for you.

Fighting in a family trust – the outcome

A deceased businessman’s R2.8m share portfolio and a 75% share in a property-owning company were vested in a family trust, in which the deceased’s mother, step-father, brother, wife, adult children and accountant were all involved in one capacity or another.
In short, relationships between the role-players soured, involving a flurry of accusations and counter-accusations of theft (reciprocal criminal charges being laid), oppressive conduct, conflicts of interest, collusion, vendettas – the list goes on.
The wife (as trustee and beneficiary) together with her sons (the other beneficiaries), applied for the removal of the trustee in question, and after a long – and no doubt expensive – trek through the courts, ended up in the SCA.
Finding on the proved facts that “the state of the relationship of the appellant and the respondent has not imperiled the Trust property or its proper administration. I find no other basis on which it would be in the interests of the Trust and its beneficiaries to remove the appellant” the SCA reversed a High Court order removing the trustee. The trustees are it seems just going to have to work this one through themselves.

November 9, 2020

Business

0 Comments

POPIA: A Practical 4-Step Action Plan for your Business

“By failing to prepare you are preparing to fail” (Benjamin Franklin)

The media is still awash with warnings about the dangers of not complying with POPIA (the Protection of Personal Information Act). The risks of non-compliance are indeed substantial but whilst much is made of the fact that the Act itself is now in force, references to the one-year grace period for compliance expiring on 30 June 2021 appear only in the fine print (if at all).

But – and this is a big but – there are major benefits to understanding POPIA and starting the compliance process long before it becomes compulsory. The penalties for getting it wrong are sizeable, “preparation makes perfect”, you are giving yourself lots of time to get it right, and for many businesses there is also good marketing potential in being able to tell your customers and clients that you are already addressing the situation.

Four practical steps to start with…

Before we start on your action plan, get to grips with the fact that you will almost certainly have to comply fully with POPIA. As soon as you in any way “process” (collect, use, manage, store, share, destroy and the like) any personal information relating to a “data subject” (customers, members, employees etc etc), you are a “responsible party”. Very few businesses will fall outside that net. Equally you are unlikely to fall under exemptions like that applying to information processed “in the course of a purely personal or household activity”. Get going with these steps –

Assess what personal information you hold, how you hold it, and why: Figure out what personal information you currently hold, how you hold it, and why you hold it. To collect and “process” such information lawfully you need to be able to show that you are acting lawfully, reasonably in a manner that doesn’t infringe the data subject’s privacy, and safely.You must show that “given the purpose for which it is processed, it is adequate, relevant and not excessive”, data can only be collected for a specific purpose related to your business activities, and can only be retained so long as you legitimately need to or are allowed to keep it.
There’s a lot more detail in POPIA, but you get the picture – you cannot collect or hold personal information without good and lawful cause.
Check security measures, know what to do about breaches: You must “secure the integrity and confidentiality of personal information in [your] possession or under [your] control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, damage to or unauthorised destruction of personal information … and unlawful access to or processing of personal information.” You are going to have big problems if there is any form of breach from a risk that is “reasonably foreseeable” unless you can prove that you took steps to “establish and maintain appropriate safeguards” against those risks. Bear in mind that whilst cyber-attacks tend to get the most media time, there are also other risks out there – brainstorm with your team all possible vulnerabilities and patch them.
Any actual or suspected breaches (called “security compromises” in POPIA) must be reported “as soon as reasonably possible” to both the Information Regulator and the data subject/s involved.If third parties (”operators”) hold or process any personal information for you, they must act with your authority, treat the information as confidential, and have in place all the above security measures.
Check if you do any direct marketing: Most businesses don’t think of themselves as doing any “direct marketing”, but the definition is wide and includes “any approach” to a data subject “for the direct or indirect purpose of … promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject…”. So for example just emailing or WhatsApping your customers about a new product or a special offer will put you firmly into that net.If your approach is by means of “any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail”, you must observe strict limits. Whilst you can as a general proposition market existing customers in respect of “similar products or services” (there are limits and recipients must be able to “opt-out” at any stage), potential new customers can only be marketed with their consent, i.e. on an “opt-in” basis.
Get a start on procedures and training: Identify an “Information Officer” who will take on all compliance duties, establish procedures, and train your team in implementing them. Cover how you will collect the data, process it, store it, for how long, for what purpose/s and so on. What consent forms do you need and when/how are they to be completed and stored? You are much less likely to have a POPIA problem if everyone in your business (and most importantly you!) understands what your procedures are and implements them as a matter of course. Make sure that no functions “fall between two stools” – assign individual compliance tasks to named staff members and make sure everyone understands who is to do what.

This is a complex topic and there is no substitute for tailored professional advice. What is set out above is of necessity no more than a simplified summary of a few highlights.

November 9, 2020

Business, Property

0 Comments

Home Businesses – Is Yours Legal?

The sharp upsurge in businesses operating remotely as a result of the pandemic lockdowns means a lot more people working from home – most presumably in low-profile home offices, but inevitably some in the form of full-on business activities from home. What effect is that having on the property market?

Work-from-home and what’s hot in property market trends

Let’s firstly have a look at what trends are emerging in the “hot property” market, driven by both the work-from-home phenomenon and by the general economic fallout from the pandemic and the lockdowns –

Increased interest in coastal and country properties from employees and businesses looking to work remotely away from congested highways and crowded cities.
Upsizing by stay-at-home workers looking for extra home office space and facilities.
Downsizing by financially-stretched homeowners reducing costs and looking to realise the value in large houses they no longer need (either by selling or by renting out).
Increased demand for rental properties in some sectors, driven presumably by owners selling homes to cut costs, perhaps also by sales in anticipation of emigration or semi-gration.

The law

The next question of course, regardless of whether you are selling, buying or staying put, is this – what does the law have to say about home businesses? As a small business are you clear to move your business into your house? As an employee is there anything in the law to stop you from setting up a home office? As a neighbour do you have any right to object?

Those are of course important questions to ask before you buy a “home-office-house” and before you open up a home business in your existing house. The last thing you want is to be shut down by unhappy neighbours or the local municipality.

The two questions to ask

The High Court has confirmed that there are essentially two questions to ask –

Is the activity in question allowed by local zoning and land use laws?
Is there any other legal block in place, for example are there any title deed restrictions or, if the residence is part of a community scheme like a Home Owners Association (HOA) or a Sectional Title complex, do the complex’s rules allow it?

Living in a complex – the hair salon allowed by zoning laws but closed down by the HOA

A homeowner had for many years run a hair salon business from her home in a complex, although both the HOA’s constitution and its conduct rules allowed only residential usage of houses except with authorisation via a special resolution. She was bound by the constitution and rules both by the terms of her purchase agreement and by her title deeds.
When she refused to cease business the HOA approached the High Court for an interdict. Her central argument was that her home business was permitted by the local zoning regulations in terms of which certain small scale non-residential activities were allowed in the area.
Not relevant, held the Court in interdicting the homeowner from continuing her business. She had agreed to a limitation of her rights, she had agreed to forfeit her right to use their land for anything but residential purposes and the HOA had not purported to change the zoning scheme and was “well within its rights to seek to preserve the residential character of the development”.

In other words, HOA and Body Corporate rules can in principle be more restrictive than local zoning laws and effectively override them in such a case. Bear in mind that each case will be decided on its facts, and in addition there has been some speculation recently that the National State of Disaster regulations and orders could be used to justify a departure from that principle. Much safer however to assume that you are bound by your complex’s rules (which may in any event allow you to work from home and/or to run a small business, although perhaps only with consent).

Must you apply for rezoning or municipal consent? 3 categories to consider

If you don’t live in a residential complex or if you do but are in compliance with the complex’s rules, you need to check that you aren’t going to be stopped from operating (perhaps even fined) by your local authority.

Your local municipality will have its own land use and zoning regulations and bye-laws, but generally speaking your business activities will fall into one of three categories –

Micro business: Depending on the zoning of your particular area, working alone from home in a home office is highly unlikely to cause any issues either legally or practically, and you are also likely to be allowed to conduct small scale business activities from home without consent where your business activities fall into your municipality’s “micro-business” or “home enterprise/undertaking” category (check with your local municipality on its rules in this regard).
Municipal consent: As soon however as your activities go further (there are normally limits on things like the nature of the business, number of staff, percentage area of the house used for the business, parking availability, noise/nuisance factors and the like) you will probably have to apply for municipal consent or a permit to operate.
Rezoning: In other cases you may need to go further and apply for complete rezoning of the property, possibly also for removal of title deed restrictions.

Take specific advice in any doubt!

September 21, 2020

Business, Insolvency, Property

0 Comments

Buying a Business? Make Sure the Seller Publishes Notice of the Sale

“The purpose of the legislature in enacting s 34(1) is to protect creditors by preventing traders who are in financial difficulty from disposing of their business assets to third parties who are not liable for the debts of the business, without due advertisement to all the creditors of the business.” (Extract from judgement below)

With our economy in trouble and the ongoing pandemic and lockdown damaging more and more businesses by the day, sales by distressed companies and traders are likely to rocket.

If you are a prospective buyer here, be aware of one particular danger lurking in the wings for you.

Follow this rule to protect yourself – before you buy any business, its goodwill or assets forming part of the business, take legal advice as to whether or not the sale must first be advertised in terms of section 34 the Insolvency Act. You stand to lose both the business and the purchase price if section 34 requires the sale to be advertised and it isn’t.

Your risk is that if an unadvertised sale is challenged by a liquidator/trustee (or by a creditor if there is no liquidation/sequestration) within 6 months of the sale, it is likely to be declared void. In that event, you will be lucky to get even a portion of your purchase price back – with the seller in financial difficulty your concurrent claim is probably worthless.

As a creditor…

The advertising requirement is designed to protect you as a creditor from having to claim from a debtor which suddenly becomes a worthless shell having quietly sold away its business and/or assets beyond your reach.

Note that you only have protection if you have instituted proceedings against your debtor “for the purpose of enforcing [your] claim” before the transfer of the business – a good reason not to drag your heels when suing a recalcitrant debtor.

When advertisement isn’t necessary

The sale will only be valid without advertisement if –

The sale was made “in the ordinary course of business” (unlikely where the business subsequently fails), or
It was made for “securing the payment of a debt” (unlikely to be under your control as buyer), or
The seller wasn’t a “trader”. As “trader” is widely defined in the Act, and as the onus of proof here is squarely on the buyer, that’s not going to be easily proved. As we shall see below, you can be a “trader” in property as much as in any other commodity.

As a general rule therefore, it is safest to insist on the sale being properly advertised before you pay out the purchase price, but there are grey areas and pitfalls here so take specific advice. Note also that the Act’s requirements for the timing and manner of advertisement are strict and must be followed to the letter.

As a recent High Court case shows, as a buyer (in this case of a property business) you could lose everything if you lose sight of this very real danger…

An R8m claim and a property transfer (and bond) set aside

A property owner bought and developed a property firstly into a shopping centre and later into a shopping centre with 11 sectional title units.
Whilst being sued by a creditor for R8m, the owner sold a section to a buyer and transferred it to him, and a bank registered a bond over the property.
The creditor obtained judgement against the owner only to find that it had been placed into liquidation. It asked the High Court to set aside the sale on the basis that the sale had not been advertised in terms of section 34 and was therefore void.
The buyer countered by denying that it was a “trader” as defined in the Insolvency Act. Its core business, it said, was to acquire and then rent out properties, “its business objective was not the buying and selling property per se as its stock in trade”.
Finding on the facts that the owner was indeed a “trader” when it sold the property to the buyer, the Court set aside the sale, the transfer to the buyer, and the bank’s mortgage bond.

August 19, 2020

Business

0 Comments

The Pandemic and Business Interruption Cover – Can You Claim?

It’s no surprise that our media has been awash with reports on the recent High Court judgment around a restaurant’s business interruption cover claims.

The restaurant in question, like many other businesses of all types and sizes, has been suffering severe losses from being forced to close (and latterly trade under very limited conditions) during the lockdown. Its business interruption claim in terms of an “Infectious Diseases Extension” clause in its policy (which it had faithfully been renewing annually since 2007) was rejected by the insurers.

What caused your business losses? The two things you must prove…

Sued by the restaurant, the insurers raised a whole slew of defences to the claim, all of them ultimately rejected by the Court.

Of most interest to businesses holding this type of cover will be the central question of whether or not the wording of your particular policy, in particular any “notifiable disease extension” clause (which in this case was a no-premium, “free cover” extension) will cover you for losses sustained in the particular circumstances of this pandemic and the lockdown.

The clause in this particular case promised cover for ”interruption or interference with the business due to (e) notifiable disease occurring within a radius of 50 km of the premises…”.

The insurer argued that this covered only losses resulting from business interruption “where the interruption is due to the Notifiable disease and not losses as a result of other causes” and that in this case business was interrupted not by the Covid-19 outbreak but rather by the lockdown “which is not insured under the Policy.” It also argued that “there was no sufficient causal link between the Covid-19 outbreak and the [restaurant]’s eventual loss.” The restaurant, it said, could have taken out other policies to specifically cover it in these circumstances but it chose not to do so.

In a nutshell, the Court found that the restaurant had to show two things –

“The Covid-19 as a Notifiable disease, caused or materially contributed to the “Lockdown Regulations” that gave rise to the Applicant’s claim (this is a factual enquiry). If it did not, then no legal liability can arise…”
“If it did, then the second question becomes relevant, namely whether the conduct is linked to the harm sufficiently closely or directly for legal liability to ensue, or whether the harm is too remote from the conduct”.

Finding that the restaurant had indeed proved causation as above, the Court declared that it was covered for such of its losses as it “is able to calculate and quantify from time to time”.

So are you covered?

The insurers have said they are taking this matter on appeal to the Supreme Court of Appeal (the insurance industry as a whole of course faces substantial losses from these claims), but remember that your particular policy may anyway be worded so as to cover you. There are also media reports of similar claims being met by some insurers, and of interim relief being offered by others. As the Court in this case put it “each case must be decided upon its own facts and the law”.

Moreover the Financial Sector Conduct Authority (FSCA) says that “The National Lockdown cannot be used by any insurer as grounds to reject a claim” and that “policyholders are able to claim in instances where they can show that they have satisfied the requirements of their specific policy, whether it was before, during or after the national lockdown”. You can complain to the FSCA if you feel that you have been treated unfairly.

June 30, 2020

Business

0 Comments

POPIA’s Deadline is 30 June 2021

POPIA’s Deadline is 30 June 2021 – Ignore the “Fake Headlines” But Start Planning!

At long last the main provisions of POPIA (the Protection of Personal Information Act) have been gazetted, and they will commence on 1 July 2020. That means that the one year transitional period will expire on 30 June 2021.

Don’t panic just yet, and ignore the many “fake headlines” in the media implying that you are at immediate risk of non-compliance, but at the same time don’t leave this to the last minute! Preparing for compliance is going to be a time-consuming affair, almost all South African businesses will need to comply, and the penalties for not doing so will be very severe indeed –

You risk administrative fines of up to R10m;
You could face criminal prosecution (with up to 10 years’ imprisonment);
You could be sued for millions by anyone whose data has been compromised, and this is an instance of strict liability” in that no “intent or negligence” on your part need be proved;
The loss of trust and the adverse publicity resulting if your data breach goes public could be devastating.

In future issues we’ll let you have a lot more practical advice on how POPIA will affect your business, and on the steps you will have to take to protect yourself from the dangers of non-compliance, but for now get started with this first planning step: Ask yourself what personal information you hold, where you hold it, who has access to it, and how secure it is.

May 21, 2020

Business

0 Comments

Lockdown Advice for Entrepreneurs

“The scale of the national COVID-19 lockdown is unprecedented in living memory. The repercussions – personal, professional, national and international – will reverberate for years to come. As entrepreneurs, we need to be making the right decisions for right now to ensure that our businesses and our people’s livelihoods do not become another casualty of the virus.”

At date of writing it is still unclear to what extent the Lockdown will be relaxed in each Province, but regardless of timelines the COVID-19 pandemic and the crisis it has landed us all in are not going anywhere in a hurry.

Businesses and perhaps SMEs in particular face both enormous challenges and many new opportunities. Some good solid advice on how they can navigate these stormy seas comes from Allon Raiz of Raizcorp in the form of a series of articles under the heading “Lockdown advice for entrepreneurs” here. To date eight articles are available –

“Get to rational quickly”
“Building an opportunity matrix”
“Scenario planning as a vital tool”
“Building an exploded resources list”
“Creating a small list of big questions”
“Embrace your X”
“Cross-functional teams”
“Moving from contingency planning to live decision making”.

March 30, 2020

Business

0 Comments

POPIA’s Deadline is 31 March 2021

At long last the main provisions of POPIA (the Protection of Personal Information Act) have been gazetted, and they will commence on 1 April 2020. That means that the one year transitional period will expire on 31 March 2021.

You risk administrative fines of up to R10m;
You could face criminal prosecution (with up to 10 years’ imprisonment);
You could be sued for millions by anyone whose data has been compromised, and this is an instance of strict liability” in that no “intent or negligence” on your part need be proved;
The loss of trust and the adverse publicity resulting if your data breach goes public could be devastating.

Category: Business

July 2, 2021

Bodies Corporate and Homeowners Associations – how POPIA affects you

January 13, 2021

December 17, 2020

November 9, 2020

November 9, 2020

September 21, 2020

August 19, 2020

June 30, 2020

May 21, 2020

March 30, 2020