MARKET TRENDS
PoPIA is imminent, are you ready?
After nearly a decade of ‘it’s nearly here’ the Protection of Personal Information Act’s (PoPIA) arrival is genuinely imminent. Compliance with the Act is viewed as being expensive, intimidating, and confusing – leaving many businesses of all sizes unsure of how to approach the challenge.
"Small businesses may become daunted by the apparent cost of compliance. The real question is, can any business afford non-compliance? PoPIA is designed to protect personal information processed by public and private bodies. "Personal Information" is that data which alone, or in combination allows a person to be uniquely identified, and any information that may tell the reader something about someone. The Act came into effect on 1 July 2020, with a 12-month grace period. From 1 July 2021, non-compliance will come with substantial penalties, including: a fine or imprisonment of between R1 million and R10 million or one to 10 years in jail; and financial compensation for damages suffered by data subjects.
In a world that has already been forced to digitise faster than ever before, concentrating on another area of restructuring may appear overwhelming. For this reason, local provider of e-signature solutions in South Africa, Impression Signatures, has embarked on a campaign to demystify PoPIA, making reliable information available to businesses of all sizes, at no cost. This campaign drives compliance by explaining not only why it’s important, but the terms, requirements, and obligations created by the Act too.
PoPIA is quite clear, the burden of proof that consent was obtained rests with the ‘responsible party’; the entity or person responsible for gathering the information. This means that it is up to the business to prove that they got consent from the customer, and not the customer’s responsibility to prove that they gave consent. It is expensive because systems that were not planned or designed with privacy in mind struggle to retrofit changes into legacy models and processes. In some cases, everything needs to be re-engineered.
If the data is retained for any reason it must be safeguarded. This includes securing storage of this data so that unauthorised third parties do not have consent to access this data, and that people within the organisation, who are not part of the legitimate processing of that data do not have access either. These data management activities should also be provable, so a company should be able to prove that customer data is safe.
"Accessibility is key, and many small businesses simply cannot afford expensive lawyers, consultants, or data consulting experts to help them re-engineer their processes. We place a large focus on accessibility. It’s why our software runs on USSD – because we understand that not everyone has a smart phone, and that shouldn’t preclude them from participating in the local (or global) economy," confirms Carrie Peter, solution owner at Impression Signatures.
Peter confirms that, much like the General Data Protection Regulation (GDPR), PoPIA comprises three main principles: who can have access to data; what data can they have access to; and how can they use this data? The Impression PoPIA Campaign seeks to explain the definitions in a more palatable format, while giving businesses confidence in their approach to compliance.
With this information at hand, organisations are empowered to take a risk-based approach to compliance. "Operating in accordance with the Act must be accessible to all. The focus should be on affordable solutions, and reliable guidance that helps businesses embrace a cost-based, business centric approach to applying PoPIA. Businesses must understand their appetite for risk, and the level of data security that each individual contract requires," concludes Peter.
JANUARY 2021 | FOOD REVIEW