What is POPIA?
POPIA is the acronym for the Protection of Personal Information Act, 4 of 2013. It finally came into effect on 1 July 2021.
WHY DOES IT MATTER?
Every organization that processes “personal information” within South Africa is required to be POPIA compliant, regardless of its size or nature.
WHAT IS “PERSONAL INFORMATION”?
Personal information is any information which relates to a natural or juristic person who is living or identifiable, wherever they are located.
WHAT IS PROCESSING?
The definition of “processing” refers to any act which touches the personal information of a data subject and which is conducted within South Africa, save for the mere passing through of personal information and certain defined exceptions. The exceptions are:
- Personal or household activity;
- Data that has been de-identified to the extent that it cannot be re-identified again;
- Processing of personal information by or on behalf of a public body:
  - which involves national security;
  - for the purpose of prevention, detection, and assistance in the identification of the proceeds of unlawful activities;
- By the Cabinet and its committees or the Executive Council of a province;
- Judicial functions of a court; or
- Terrorist and related activities.
WHAT ARE THE SANCTIONS FOR NON-COMPLIANCE?
Sanctions for non-compliance may include a fine not exceeding R10 million and imprisonment of not more than ten years, which would be imposed by the relevant authorities. However, non-compliance could also result in civil liability and reputational damage for organisations. It is a serious threat in the data-driven society that we live in.
Let us help you to establish your needs, as not everyone has the same requirements. From there we can agree a plan with you to get you where you need to be in terms of data protection compliance. You can complete our short two-minute questionnaire and we will get back to you, or you can contact us directly.