Are You POPIA Compliant?

The Protection of Personal Information Act or POPIA regulates the use and processing of personal data. The Act applies to all businesses in South Africa and ensures that private information is safeguarded. The Act will come into full effect on 1 July 2021 making it very important for all businesses to ensure that they are POPI compliant and are taking the measures to safeguard their data subject’s private information. But how does one know whether they are compliant? And why do business websites need a privacy policy? 

6 Practical Steps to Ensure Your Website is POPIA Compliant: 

1. Consent: users need to explicitly consent to direct marketing.
2. Inform: inform your website users that you are collecting their personal information and when data breaches occur.
3. Transparency: tell your visitors how and why you plan to use their personal information and where their data will be stored.
4. Respect: ensure that you recognise your users’ rights to opt-in and opt-out of the processing of their private information and to request, delete and correct any private information that has been collected and processed. 
5. Secure: ensure that your business implements a system to secure data, maintain confidentiality, verifies data requests and updates their current privacy policy and cookie and cookie policy. 
6. Register: it is key to register an Information Officer and for larger companies a Deputy Information Officer who is responsible for ensuring POPIA compliance. 

The Penalties of Non-Compliance: 

• Any business website that does not comply with the regulations of the POPI Act can be liable to a fine of up to R10 million and for more serious or repeated infractions the Information Officer can face imprisonment for up to 10 years. 
• Imprisonment may be paired with a fine if the Information Regulator sees fit to do so.   
• In the case of a severe breach, the Information Regulator may insist your business be closed for the duration of the investigation. 
• The reputation of your business may be tarnished and in turn, you may lose clients. 
• Your company might never recover from a severe breach of personal information.  

Ensuring that your business website reasonably complies with the POPI Act and protects personal information will only be advantageous to your business not just in terms of avoiding a hefty fine or imprisonment. It will amass trust from your users and clients as they will feel confident that their personal information is safe, and that trust will lead to more website users and an expansion of your client base. It will prevent future security breaches thus maintaining and improving the reputation of the business. 

Here at Warp Development, we offer compliance solutions to help you make certain your business website complies with all of the regulations set out by the POPI Act to secure the trust of your users. Take the next step in gaining an edge over your competitors and contact us.