For a while, it looked as though South Africa would lag behind the rest of the world when it came to personal information protection laws, but suddenly, all of that has changed.
The South African Constitution declares that everyone has the right to privacy, and South Africa is now taking the use and storage of personal information seriously with laws to protect the average person on the street, as well as the high-flying business owner from a possible data breach.
President Cyril Ramaphosa has stepped up and proclaimed that certain essential sections of the POPI Act will come into effect as of 1 July 2020. The PoPI (Protection of Personal Information Act) has been sufficiently updated and while it will be effective as of 1 July, there is a 12-month grace compliance period.
What the Updated PoPI Act Means for the SA Business Owner
South African businesses will have 12 months to ensure that they make adjustments to their business operations, so that they are compliant with the PoPI Act, although it is recommended that they should attempt to comply as soon as possible. The changes to the various sections and the implementation of new sections to the Act means that you will have to take a close look at how you deal with your customer’s and employee’s personal data and information. You will need to put protective measures in place to ensure that data is never put at risk.
The updated Act seeks to ensure that businesses process personal information legally and respond to their duties and responsibilities as entities handling sensitive information.
The updated PoPI Act states that businesses should have a dedicated Information Officer (not necessarily a full-time employee of the company) to ensure business-wide compliance. Businesses that don’t comply within the lengthy time-frame given to reach compliance will be faced with hefty penalties for breaking the law.
What the Updated PoPI Act Means for the South African Consumer
Once the Act was amended, it was published that the following sections had been updated:
- Sections 2 to 38
- Sections 55 to 109
- Section 111
- Section 114 (1), (2), (3)
While all of these sections have been changed, it is largely section 5 that affects the South African consumer the most as it deals with how the information of individuals is gathered and processed. The rights expanded on in the Act mean that you as a consumer have the right to:
- Receive notifications when your information is being collected.
- Receive notifications if your data is intercepted or accessed by an unauthorised third party.
- Query if a party has your personal information.
- Request a copy of your stored or captured information from a party.
- Request that your personal information is corrected or deleted by a party.
- Deny the processing of your personal information in certain situations.
- Refuse to have your personal data processed for the purpose of direct marketing.
- Not be subject to a decision on outcomes that are only based on the information provided by an automated system.
- Submit official complains to regulators pertaining to non-compliance of the Act.
- Action civil proceedings against parties that interfere with the protection of your personal information.
Whether you are a business owner or a consumer in South Africa, the amended PoPI Act has been designed to protect your rights as well as personal data. By working together (and that means being compliant with the updated Act), data in South Africa can be handled safely and securely.
If you want to start getting your business compliant with the new PoPI Act, you can start by signing up for a data encrypted online backup service. Ensuring that the sensitive data on your business devices is kept safe and sound is a step in the right direction.