NEW LEGISLATION IMMINENT- POPI: ARE YOU ALL SET?
The Protection of Personal Information Act (“POPI”) was recently passed by the National Assembly and is now awaiting enactment. POPI will have as its main aim the protection of personal information. It has been stated that POPI has been designed to protect personal information given the fact that in today’s digital age there are serious implications in how this type of information is handled. Should an organisation or “responsible party” as named by POPI, request your personal information, they can only capture and use it with your consent. Organisations will further have to ensure that it is kept up to date and that they have put in place, reasonable security measures which are in line with industry standards. This in itself can be quite a tall order for many organisations that handle personal information of their clients.
As soon as POPI is signed into law all public and private organisations that process personal information will have a transition period of one year to address their compliance. The onus rests on the organisation to comply and compliance failure cannot only bring about reputational damage but can also lead to fines of up to R10 million or imprisonment of up to 10 years. An individual can at any time, free of charge request from an organisation whether they hold any of their private information. Upon provision thereof, the individual may demand correction or deletion of information that is inaccurate, out of date, misleading or that was obtained illegally. Organisations need to take note of these principles and assess to what extent these principles will apply to them. Proactively obtain help to assess the compliance of your business and start putting measures in place to ensure your compliance with POPI as compliance will not be an overnight exercise and will require planning and understanding on your part.