THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT

What is the POPI Act?

The POPI Act was set up to help with the protection of personal information that is used by individuals as well as businesses. The Act will give guidelines and conditions that establish the minimum requirements that a business will have to comply with if they make use of personal information.

When will POPI be implemented?

POPI was signed into law back in November 2013 and was expected to be up and running in December 2018. But at this stage it’s still unclear exactly when they will have the Regulator fully operational, and only then will POPI come into operation. While it’s not clear yet when exactly it will be implemented, parties will be allowed 1 year to comply when it comes into effect.

What is seen as Personal Information?

It is defined in the Act as “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person.”

Will the POPI Act affect me?

Yes, everyone will be affected, but especially companies that deal with big databases that store personal information such as Doctors Practices, banks, and insurance companies, etc. It also guides companies in the use of direct marketing where companies send emails or direct messages to clients without having their consent.

How will the POPI Act affect my business?

It will affect the way your business handles information, and you will have to understand and be able to identify between personal and non-personal information and which of these are sensitive information. It also guides you on how to handle and notify stakeholders of any breaches of personal information and if the information was compromised in any way.

Why should I comply?

It gives peace of mind to your consumers that you will not abuse, or mismanage their personal data, which can increase their trust in your business. AND IT IS THE LAW.

What if i do not comply with the POPI Act?

If you are found guilty of an offense regarding the POPI Act, (in serious cases) you could get a maximum fine of R10-Million, imprisonment for up to 10 Years, or BOTH! For less serious cases you can get a fine, be imprisonment for up to 12 months, or BOTH.