KVV Inc

POPIA: A Practical 4-Step Action Plan for your Business

November 9, 2020

“By failing to prepare you are preparing to fail” (Benjamin Franklin)

 

The media is still awash with warnings about the dangers of not complying with POPIA (the Protection of Personal Information Act). The risks of non-compliance are indeed substantial but whilst much is made of the fact that the Act itself is now in force, references to the one-year grace period for compliance expiring on 30 June 2021 appear only in the fine print (if at all).

But – and this is a big but – there are major benefits to understanding POPIA and starting the compliance process long before it becomes compulsory: the penalties for getting it wrong are sizeable, “preparation makes perfect”, you are giving yourself lots of time to get it right, and for many businesses there is also good marketing potential in being able to tell your customers and clients that you are already addressing the situation.

Four practical steps to start with…

Before we start on your action plan, get to grips with the fact that you will almost certainly have to comply fully with POPIA. As soon as you in any way “process” (collect, use, manage, store, share, destroy and the like) any personal information relating to a “data subject” (customers, members, employees etc etc), you are a “responsible party”. Very few businesses will fall outside that net. Equally you are unlikely to fall under exemptions like that applying to information processed “in the course of a purely personal or household activity”. Get going with these steps –

  1. Assess what personal information you hold, how you hold it, and why: Figure out what personal information you currently hold, how you hold it, and why you hold it. To collect and “process” such information lawfully you need to be able to show that you are acting lawfully, reasonably in a manner that doesn’t infringe the data subject’s privacy, and safely. You must show that “given the purpose for which it is processed, it is adequate, relevant and not excessive”; data can only be collected for a specific purpose related to your business activities, and can only be retained so long as you legitimately need to or are allowed to keep it.

    There’s a lot more detail in POPIA, but you get the picture – you cannot collect or hold personal information without good and lawful cause.

  2. Check security measures, know what to do about breaches: You must “secure the integrity and confidentiality of personal information in [your] possession or under [your] control by taking appropriate, reasonable technical and organisational measures to prevent … loss of, damage to or unauthorised destruction of personal information … and unlawful access to or processing of personal information.” You are going to have big problems if there is any form of breach from a risk that is “reasonably foreseeable” unless you can prove that you took steps to “establish and maintain appropriate safeguards” against those risks. Bear in mind that whilst cyber-attacks tend to get the most media time, there are also other risks out there – brainstorm with your team all possible vulnerabilities and patch them. 

    Any actual or suspected breaches (called “security compromises” in POPIA) must be reported “as soon as reasonably possible” to both the Information Regulator and the data subject/s involved.

    If third parties (“operators”) hold or process any personal information for you, they must act with your authority, treat the information as confidential, and have in place all the above security measures.

  3. Check if you do any direct marketing: Most businesses don’t think of themselves as doing any “direct marketing”, but the definition is wide and includes “any approach” to a data subject “for the direct or indirect purpose of … promoting or offering to supply, in the ordinary course of business, any goods or services to the data subject…”. So for example just emailing or WhatsApping your customers about a new product or a special offer will put you firmly into that net. If your approach is by means of “any form of electronic communication, including automatic calling machines, facsimile machines, SMSs or e-mail”, you must observe strict limits. Whilst you can as a general proposition market existing customers in respect of “similar products or services” (there are limits and recipients must be able to “opt-out” at any stage), potential new customers can only be marketed with their consent, i.e. on an “opt-in” basis.
  4. Get a start on procedures and training: Identify an “Information Officer” who will take on all compliance duties, establish procedures, and train your team in implementing them. Cover how you will collect the data, process it, store it, for how long, for what purpose/s and so on. What consent forms do you need and when/how are they to be completed and stored? You are much less likely to have a POPIA problem if everyone in your business (and most importantly you!) understands what your procedures are and implements them as a matter of course. Make sure that no functions “fall between two stools” – assign individual compliance tasks to named staff members and make sure everyone understands who is to do what.

This is a complex topic and there is no substitute for tailored professional advice. What is set out above is of necessity no more than a simplified summary of a few highlights.

© LawDotNews
