087 059 7777

How to Comply with POPI (Mandatory from July 2021)

How to Comply with POPI (Mandatory from July 2021)
April 17, 2020 gnuworld

We offer basic guidance on how to comply with the Protection of Personal Information (POPI) Act, in effect in South Africa since 2020 – and with mandatory compliance from 1 July, 2021.

About POPI

POPI is designed to promote the protection of personal information and to bring South Africa’s privacy laws in line with international standards.

It limits the rights of businesses to collect, process, store, and share personal information. It also makes businesses accountable for protecting the privacy of this information.

POPI’s commencement will impact a vast number of South African businesses, both large and small.

The POPI commencement date

South Africa’s long-awaited POPI Act came into effect on 1 July, 2020.

Businesses then had a 12-month grace period to comply. This grace period ends 1 July, 2021.

Non-compliance after this period could result in hefty fines or even prison time. So it’s vital for businesses of all sizes to know how to comply with POPI.

Key requirements for complying with POPI

POPI is based on eight conditions for the lawful processing of personal information and under each condition there are a number of key requirements.

Read the full legislation or see our summary of each condition below.

1. Accountability

Personal information must be processed lawfully and in a reasonable manner.

It should not infringe on any person’s privacy.

2. Processing limitation

The processing of personal information should always be relevant and never excessive.

There are particular circumstances under which personal data may be processed. As such, the data subject’s consent should be obtained before his or her information is processed.

3. Purpose specification

Personal information may only be collected for a specific, lawful and explicitly defined purpose that relates to the data collector’s function or activity.

Information must not be retained for any longer than is absolutely necessary.

4. Further processing limitation

Any further processing of personal information must be related to the purpose for which the information was originally collected.

5. Information quality

A reasonable party must ensure that any personal information collected is complete, accurate, truthful and updated.

6. Openness

A responsible party must document its process of collecting information as required by POPI’s provisions. Data subjects must be notified when their personal information is processed.

This condition often results in organisations compiling detailed privacy policies to explain their privacy operations.

7. Security safeguards

Personal information must be kept confidential and its integrity maintained.

Responsible parties must take appropriate measures to guard any personal information against unlawful acts and to prevent its loss, damage or destruction.

8. Data subject participation

Data subjects must be able to confirm whether or not an organisation holds any of their personal information.

They must also be allowed to correct their information or to request that the responsible party destroy or delete it.

POPI compliance tips for small businesses

These simple measures may help your business ease into POPI compliance:

  • develop internal ethical standards for the processing of personal information
  • provide adequate training for employees involved in processing personal information
  • establish new internal procedures for personal information
  • keep a record of each processing activity
  • review or develop internal guidelines for employees.

What we offer at The Workspace

At The Workspace, we offer affordable, fully serviced offices and coworking, and all our members have access to meeting rooms, boardrooms and a range of business services. For more information, visit our branch pages, call us on 087 059 7777 or contact us online.

The Workspace doesn’t offer professional advice about how to comply with POPI or other laws. However, we do aim to provide our members and other small to medium businesses in South Africa with useful resources.

Contact us to find out more