You’ve heard the talk of increased data privacy and the POPI Act, but how ready are you as a small business for compliance? The Protection of Personal Information Act (POPIA) began to take effect in 2020, but businesses officially have until Thursday 1 July 2021 to get their infrastructure compliant.
It is important to be aware of the ways that the Act affects websites as well as the potential consequences of non-compliance. Any business operating in South Africa is legally obliged to comply with the regulations contained in the act. Regardless of where your website is based, if you process personal information, it’s time to get compliant.
Here are 5 things that you need to know about your website and the POPI Act.
1. What Is POPIA All About?
South Africa’s Protection of Personal Information Act are new laws that regulate the Processing of Personal Information. “Personal Information” broadly refers to any information relating to an identifiable, living natural person or juristic person (companies, CC’s etc.).
This includes, but is not limited to:
- Contact information: email, phone, address, etc.
- Demographic: age, sex, race, birth date, ethnicity, etc.
- History: employment, financial, educational, criminal, medical history, etc.
- Biometric: blood type, etc.
- Opinions of and about the person.
- Private correspondence.
- Online identifiers such as email addresses, IP addresses, cookies, unique identifiers, search and browser history and location data.
2. Information Processing Must Be POPIA Compliant.
“Processing” refers to what you “do” with the Personal Information, as well as how you go about obtaining the information. This includes collection, usage, storage, dissemination, modification and destruction. Some of the obligations under POPI are to:
- Only collect information that you specifically need.
- Use appropriate security measures to protect it.
- Ensure it is relevant and up-to-date.
- Keep only what is needed, so long as it is required.
- Allow the subject/owner of the information to view it upon request.
3. How Does The POPI Act Affect My Website?
POPIA gives consumers the right to protect their data and privacy, gain insight into what data is collected about them (for example, the use of website cookies) and request that their information be corrected or deleted.
4. What Happens If I Am Not Compliant?
Unfortunately, there is no round-about route. If your business is online, you should be asking:
- Do I collect information from my users?
- How do I become POPI-compliant? How do I stay compliant?
According to Kyle Torrington of Hello Contract, presenting an “incorrect document to your users means that you are knowingly not complying with the POPI Act.” Not only is this illegal, but could damage both your business’s image, result in a hefty fine or worse!
Failure to comply with the new regulations by the deadline on 1 July 2021 could result in a maximum of 10 years in prison or being charged with a R10 million fine by the Information Regulator.
5. So, What Should I Do?
Despite the deadline for change knocking on our doors, it is nothing to be feared. The Act is a mere formalisation of the privacy principles that already exist, and South Africa is swiftly following suit from the likes of the European Union (EU) and the United Nations (UN).
We’ve Got You Covered!
Privacy is important, and when implemented correctly, Privacy Policies benefit website owners as much as their users. They enable businesses to understand consumer behavior to improve their marketing. And it meets the rights of consumers to have their privacy protected.
Need A Web Expert?
At Launch Digital, We help established businesses by transforming their websites into lead generating machines and creating online marketing campaigns that result in more customers than they can handle.