Globally, governments are responding to the vast amounts of information flooding into the public domain due to the growth in companies like Amazon, Facebook and Twitter. As much of this information is personal, POPIA seeks to regulate how this personal information is processed and stored.
South Africa, like many countries, has a constitutional mandate to protect the right to privacy and POPIA is aimed at balancing this right with the necessity of processing personal information – employee salaries is an example.
With the Act now in effect, you have a twelve-month grace period to comply with POPIA. By 1 July 2021, all entities that process personal information need to be in compliance with the Act.
This has substantial implications for business and will be costly and time consuming to implement.
This transition period is going to be onerous on businesses. They need to determine what information falls into the Act, how it is used, protected, stored, who has access to it. Businesses will also need to get the relevant consent from staff and other stakeholders. What privacy statements do you need to make, what protocols do you need to put in place over your information and website?
As there are onerous penalties (a fine of up to R10 million or ten years imprisonment) and these requirements concern the safety of your staff’s (amongst other) information, so it is well worth investing time and taking advice to start getting the right procedures in place now.
Disclaimer: The information provided herein should not be used or relied on as professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your professional adviser for specific and detailed advice.