POPI is tightening the screws on personal information. And experts are warning you to tread very carefully.
Here's why you should take POPI seriously
Biz Community is reporting that Deloitte's experts on the Act‚ Daniella Kafouris and Dean Chivers, say many companies under-estimate the gravity and complexity involved in becoming compliant with POPI.
One of the terms of the Act is that companies doing business in several jurisdictions will no longer be able to outsource data-storage functions to service providers in countries that don't have similar legislation, without implementing contractual and risk mitigating measures.
The experts say the rules governing the handling of data will affect nearly every aspect of business. It'll require changes to legal documents‚ analyses of subcontracting practices and gaining control over cross-border data flows.
In the report, Cliffe Dekker Hofmeyr director Nick Altini is also quoted as saying: 'The success of the legislation will depend on the strength of the regulator. In instances of abuse‚ individuals will have the right to complain to the regulator.
This means if your company is in the wrong‚ the regulator will issue your company with a compliance notice and a penalty.
What are the consequences of ignoring POPI?
We reported that Lucien Pierce, an attorney at Phukubje Pierce Masithela Attorney said 'anyone who contravenes POPI's provisions faces possible prison terms and fines of up to R10-million. POPI also allows individuals to institute civil claims so there's the possibility of further financial loss on top of any fine that may be imposed.'
Altini says since POPI is so strict, 'any company will have to ask itself some pertinent questions about its business practices‚ such as why it wants the identity number of a person entering the premises‚ what it will use the identity number for, how long it will keep it and who else will have access to it.'
Craddock shares the same sentiments.
He says the act adds further complexity to what is already a convoluted legislative and regulatory business environment.
'Unless a company has a cohesive practical implementation plan that is in line with its legal obligations‚ it remains at risk. Global trends show that getting privacy right is important to ensure customers trust organisations,' he says.
While your company still has a year to make changes to ensure compliance with POPI, make sure you do this as soon as possible to avoid penalties.
Enjoyed this article? Subscribe to receive these free articles in your inbox daily.