Are you looking for a POPI Act summary to help you on your process to POPI compliance? It is a complex law that is difficult to summarise. It has a broad impact on many entities and industries. The impact is also different for different organisations so summarising it for your organisation is no easy task.
Our short POPI Act Summary
The POPI Act sets some conditions for you to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions. The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.
The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.
The biggest impact is on organisations that process lots of personal information, especially special personal information, children’s information and account numbers. The most affected industries are financial services, healthcare and marketing.
It will probably commence in the middle of 2016 and you’ll have a 12 month grace period. It will be regulated by a new Information Regulator and your Information Officer is the key person who must ensure compliance. The CEO is the person who might go to jail, but relax it is very unlikely anyone will go to jail.
POPI Act Summary for Executives
If you’re looking for a summary to give your board, we can help you to prepare a short handout and even present it for you. We’re also happy to help you present the executive briefing.