POPIA is South Africa’s new comprehensive privacy law which commenced on July 1, 2020. POPIA imposes new compliance requirements on any natural or juristic person who processes personal information. Organizations have until July 1, 2021, to ensure that they are fully compliant with POPIA.

Escape Ctrl (Pty) Ltd (www.esc-ctrl.co.za) offers a complete solution to help you comply with South Africa’s most extensive law on the protection of personal information. Our specialist privacy professionals and IT security experts are uniquely placed to provide a holistic approach to compliance.

Who is affected

Any natural or juristic person who processes personal information, including large corporates and government. The data protection laws of many other countries exempt SMEs, but not currently in South Africa. Maybe the Information Regulator will exempt some natural person and SMEs from complying. Only time will tell in this regard. Some processing of personal information is excluded.

What steps will you have to take to comply?

Responsible parties will have to take various steps to comply. For example:

  1. Appoint an Information Officer.
  2. Draft a Privacy Policy.
  3. Raise awareness amongst all employees.
  4. Amend contracts with operators.
  5. Report data breaches to the regulator and data subjects.
  6. Check that they can lawfully transfer personal information to other countries.
  7. Only share personal information when they are lawfully able to.

What are the Penalties for Non-compliance?

There are essentially two legal penalties or consequences for the responsible party:

  1. A fine or imprisonment of between R1 million and R10 million or one to ten years in jail.
  2. Paying compensation to data subjects for the damage they have suffered.

It is very unlikely that anyone will go to jail and the fines are small compared to other jurisdictions. The other penalties include:

  • Reputation damage
  • Losing customers (and employees)
  • Failing to attract new customers

But your main motivation for complying with the Protection of Personal Information Act (POPIA) should be to protect people from harm.

#popia #dataprotection #compliance #privacy