If your company processes or handles personal information, Secur can assist you in complying with the POPI Act by improving your security systems and getting your organisation closer to perfect security.
In November 2013, the Protection of Personal Information Act (POPI) was signed into law in South Africa. POPI has significant implications for all South African businesses, which may incur potentially severe penalties if they fail to process and store personal information in accordance with the Act. The Act uses a broad definition of ”personal information”, with the result that it will affect a high percentage of businesses.
A commencement date for the Act is still pending, giving South African businesses time to determine what’s required of them.
Once your company is familiar with the Act, Secur can assist you in addressing compliance issues by beefing up your security, encrypting data and implementing other measures to protect the personal information your company handles.
Key Features Of The POPI Act
- Maximum fines for non-compliance can be up to R10million and could result in a prison term for those deemed responsible
- The Information Regulator has the power to issue an Enforcement Notice requiring the organisation to stop processing personal information
- POPI provides for the appointment of an Information Regulator (IR), who is responsible for investigating the breach and monitoring and enforcing compliance with POPI as well as the Promotion of Access to Information Act
- Disclosure of a breach must be given to the Information Regulator, as well as affected individuals
- All organisations, regardless of size or location, must comply with the POPI Act if they hold any personal data on South African citizens
You are required to comply with the POPI Act if you record, store or share any type of personal information in your business, for example:
- You have an advertising strategy to identify and contact leads to turn them into sales.
- Someone completes a dataform on your website.
- Someone fills out a Covid-screening form.
- Someone sends an email to request a quote.
- Someone provides personal information as identification when entering your premises.
- Clients provide personal or business information to close a transaction.
- You store or share personal information with third parties (for example banking details for debit orders).
What we can do for you :
- POPI Roadmaps.
- Data Mapping.
- Risk Mapping.
- Standards Formulation and Compilation.
- Policy Formulation and Compilation.