Blog

POPI refers to South Africa's Protection of Personal Information Act

The POPI Act is here

The Protection of Personal Information Act, more commonly known as POPI, has finally come into force. It was originally passed back in 2013, but was only put into action this year on 1 July. Businesses around South Africa and those dealing with South Africa now have exactly one year from that date to ensure that they are compliant with the regulations stipulated in the Act.

What exactly is POPI?

As it says in the name, POPI is all about ensuring that the personal information your organisation collects from people is kept securely and used appropriately. The idea is to give the public more rights in terms of how their information is used and therefore, reduce the amount of unsolicited communication they receive from companies.

Under the terms of the Act, personal information is defined as anything that can be used to identify a person. This includes the person’s name, their contact details, physical address, identity number and age. If your organisation collects, stores or processes any of this kind of information for individuals, you need to ensure that you are compliant with the Act on 1 July 2021.

How do you ensure you’re compliant?

The first step will be to create a Privacy Policy for your company. You should do one for the public (your clients and suppliers) and one for the organisation (your staff members). We believe that it’s important to start with your public facing policy now in order to ensure that you have everything in place before POPI starts to be enforced.

At Netgen, we have begun the process of ensuring that our products and data collection points are compliant. We’ve also started working on a checklist to get all of the software that we create for clients completely compliant. We figured that if we are up to speed on these issues, it’ll be easier for us to help clients get to grips with POPI.

What to include in your Privacy Policy

This document is one of the most important steps to becoming compliant with the POPI Act regulations. It should include:

  • Why you collect personal information
  • How you store this data
  • How long these details are kept for
  • An incident response plan in case of a breach
  • How people can get hold of you to see what data you have on file for them and to request that you delete that information

Getting your organisation ready for the enforcement of the POPI Act will take some time and a bit of work. We’re here to help our clients with every step and have done a lot of research towards getting ourselves compliant. If you need any assistance for your business, get in touch with Netgen today.