Are you looking for a POPI Act summary to help you on your process to POPI compliance? It is a complex law that is difficult to summarise. It has a broad impact on many entities and industries. The impact is also different for different organisations so summarising it for your organisation is no easy task.
Our short POPI Act Summary
The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for you to lawfully process the personal information of data subjects (both natural and juristic persons). The POPI Act does not stop you from processing and does not require you to get consent from data subjects to process their personal information. Whoever decides why and how to process personal information is responsible for complying with the conditions. There are eight general conditions and three extra conditions. The responsible party is also responsible for a failure by their operators (those who process for them) to meet the conditions.
The POPI Act is important because it protects data subjects from harm, like theft and discrimination. The risks include reputational damage, fines and imprisonment, and paying out damages claims to data subjects. The biggest risk, after reputational damage, is a fine for failing to protect account numbers.
The biggest impact is on organisations that process lots of personal information, especially special personal information, children’s information and account numbers. The most affected industries are financial services, healthcare and marketing.
It will probably commence on a date in 2020 and you’ll have a 12 month grace period. It will be regulated by a new Information Regulator and your Information Officer is the key person who must ensure compliance. The CEO is the person who might go to jail, but relax it is very unlikely anyone will go to jail.
POPI Act Summary for Executives
If you’re looking for a POPI Act summary to give your board or governing body, we can help you to prepare a short handout and even present the executive briefing.
Need assistance with POPI compliance
We are currently helping hundreds of organisations to comply with the POPI Act.
- Empower yourself with practical knowledge by joining a Data Protection Programme, attending a POPI Act workshop or POPIA webinar.
- Get assistance by finding out how we can help you with privacy and data protection.
- Raise awareness in your organisation by arranging for us to facilitate your own private in-house POPI Act workshop.
- Increase your knowledge by reading it online.
- Increase your awareness by reading a longer summary of the Protection of Personal Information Act or POPIA.