Are you looking for a POPI Act summary to help you on your process to POPI compliance? It is a complex law that is difficult to summarise. It has a broad impact on many entities and industries. The impact is also different for different organisations so summarising it for your organisation is no easy task.
Our short POPI Act Summary
The Protection of Personal Information Act or POPI Act is South Africa’s equivalent of the EU GDPR. It sets some conditions for you to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions. The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.
The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.
The biggest impact is on organisations that process lots of personal information, especially special personal information, children’s information and account numbers. The most affected industries are financial services, healthcare and marketing.
It will probably commence on a date in the first three months of 2019 and you’ll have a 12 month grace period. It will be regulated by a new Information Regulator and your Information Officer is the key person who must ensure compliance. The CEO is the person who might go to jail, but relax it is very unlikely anyone will go to jail.
POPI Act Summary for Executives
If you’re looking for a POPI Act summary to give your board, we can help you to prepare a short handout and even present it for you. We’re also happy to help you present the executive briefing.
Need assistance with POPI compliance
We are currently helping hundreds of organisations to comply with the POPI Act. You could attend one of our POPI workshops or read more on how we can help you comply in a practical and effective way. You can also read a longer summary of the Protection of Personal Information Act or POPIA.