Contact us
04 Nov 2015

THE PROTECTION OF PERSONAL INFORMATION ACT

The Protection of Personal Information Act No. 4 of 2013, or “POPI”, has been signed into law, but is not effective as yet. Compliance with POPI looks to be an onerous task; therefore, as we await the announcement of POPI’s effective date we recommend that measures be put into place without delay to ensure that your business is POPI ready.

POPI requires, among other things, that personal information should only be processed if it is necessary for, or directly related to, a lawful, explicitly defined purpose, that personal information be processed in a reasonable manner that does not infringe the privacy of the person and that any processing of personal information must be adequate, relevant and not excessive.

This means that:

  • The reason why personal information is collected must be related to a function or activity business of your particular business.

If for example, market research is not an activity of your business, personal information cannot be collected from your customers for the purpose of conducting market research.

  • Businesses are to inform consumers of the reason for which information is being collected, stored, etc.

If personal information is collected for in the course of a consumer participating in a promotion or entering into a contract with a business, and the business intends to use such information for marketing goods or services to the consumer, the consumer must be informed thereof and give their consent thereto.

  • Businesses must limit the processing of personal information as far as possible.

Once the purpose has been achieved, processing of information should come to an end. This means, for example, not collecting information which is irrelevant to your business or storing information for longer than it is required.

Certain requirements of POPI will be met by simply amending documents that your business uses to collect personal information to include express consent to certain uses thereof, whereas compliance with other aspects of POPI will require ongoing training of your employees in dealing with personal information and the efforts of an information officer (or a team of information officers) in implementing a POPI policy and monitoring whether privacy is being infringed.

Share this article

We use cookies to make your experience with us better. By continuing to use our website, you are agreeing to our use of cookies. To find out more see our privacy statement.

Close
Ask QIPPY AI
Ask QIPPY AI

Disclaimer

Although we take great care to ensure that the information in our Chatbot is accurate and up to date, readers are advised to always consult with a Professional before acting on the information. The information on this Chatbot does not constitute legal or financial advice.