The Protection of Personal Information Act, 2013, has been in force since 1 July 2020. Are you familiar with it, and has your business taken the necessary steps to ensure that it is in line with the new data privacy law and achieves POPI Act compliance?
Read on for everything you need to know about the POPI Act and cybersecurity in general:
What Is POPI?
POPI stands for the Protection of Personal Information Act 2013. It is South Africa's newest data privacy law, and it controls how organizations collect, use, store, delete and handle personal information. Closely linked with cybersecurity in general, it is an important aspect of all modern businesses.
What Does The New Law Class As Personal Information?
Anything that can be used to personally identify an individual, such as their name, identity number, age and addresses, is classed as personal information. POPI Act compliance can only be achieved when a business takes proper steps to secure this information in line with the new law.
Who Does POPI Act Compliance Apply To?
If you're a local or foreign organization that processes personal information, for example by collecting or using it, then POPI Act compliance applies to you.
How Long Do Organizations Have To Become Compliant?
Working towards POPI Act compliance and enhanced cybersecurity should now be the goal of all South African organizations handling personal information. While you have 12 months from 1 July 2020 to do so, it pays to take the necessary steps as soon as possible.
What Exactly Is Meant By POPI Act Compliance?
Organizations should be working closely with cybersecurity professionals to put policies and procedures in place to ensure that all personal information they handle is dealt with appropriately and protected from unauthorized access or loss. This is the only way that POPI Act compliance can be achieved.
Can Organizations Benefit From The POPI Act?
The enhanced cybersecurity and data protection measures put (or being put) in place to achieve POPI Act compliance can be beneficial to organizations by enabling them to analyze and better understand all the data that they handle. In general, better data management and enhanced cybersecurity should always help to increase the efficiency and effectiveness of any organization.
Who Is POPI Regulated By?
POPI is regulated by the Information Regulator, which was created by the POPI Act and is accountable to the National Assembly.
What Happens To Organizations That Don’t Have POPI Act Compliance?
Fines and penalties apply to organizations found not to be compliant with the POPI Act. They range from up to ten years' jail time to a R10 million fine; the severity of the fine or penalty depends on the nature and gravity of the offence.
Does POPI Act Compliance Add Anything To An Individual’s Right To Privacy?
There are many aspects of an individual’s constitutional right to privacy; the POPI Act provides a direct mechanism through which those aspects of the constitution relating to personal information can be enforced.
Do you need help with POPI Act compliance or with implementing enhanced cybersecurity measures for your organization? If so, contact a reputable IT company today that can help ensure that you’re made compliant as quickly and cost-effectively as possible.