The grace period for your organisation to comply with the Protection of Personal Information Act (POPI Act or POPIA) ended on 1 July 2021. Just so you know, you have to comply now. What action does your organisation need to take? You want to take practical and effective action that is going to achieve the best results at the lowest cost. There are many possible ways to get data protection right, and it’s essential to take the right one for your organisation. If you know what action you want to take, visit our data privacy and data protection page to see how we can help you or enquire on the right.

Don’t panic – no one is going to jail.

There is no shortage of people trying to sell you offerings related to POPIA: workshops, conferences, tech solutions, programmes, online courses, online training, legal services, and consulting services. How do you cut through the noise?

Use our infographic to work out what your next steps should be.


Five questions

We suggest that you ask yourself these five questions:

Must my organisation comply with POPIA?

For many, the answer will be yes, but some may be surprised to find out that they don’t need to comply with the POPI Act. POPIA, unlike the GDPR, does not apply extraterritorially, meaning that it only applies to organisations in South Africa. Essentially, if you are domiciled in South Africa or you process personal information in South Africa, then you need to comply with POPIA (section 3). In addition, the processing of some personal information is excluded. For example, if you are processing purely for a personal reason or as a household activity, then POPIA won’t apply to you. Some organisations are exempt in some circumstances.

Knowing if POPIA applies to you can get tricky, and if you’re not sure, read our insight on it or watch our video.

Do I have high-level awareness of the POPI Act?

Knowledge is power. Having a high-level awareness of POPI is crucial in helping you decide what your next steps are going to be.

You need to determine whether you have a high-level awareness. If you’re not sure, read our insight on it or watch our video.

Am I the right person to be responsible for this?

Every organisation has an Information Officer by default and they are responsible for ensuring that your organisation complies with POPIA. If you are the Information Officer, now is the time to ask: Do I want to delegate the responsibility to someone else? If yes, the question is: who is the right person to be the deputy or designated Information Officer? If not, the question is: How will I meet my responsibilities as the Information Officer?

To help you find answers to these questions, read our insight on it, or watch our video.

You can watch an older version of this video recorded on 7 July 2020.

What is the impact on my organisation?

You need to know the impact of POPIA on your specific organisation so that you can decide what the next best steps are.

Complying with POPIA is not a case of one size fits all. Different organisations need to take different actions to comply. For example, what a small enterprise (or SME) has to do is very different from what a medium or large-sized organisation has to do.

An organisation’s actions are also dependent on the foundations already built to protect personal information. Some organisations may have many security measures in place while others are new to the issue.

To learn more about the impact of POPIA on your organisation, take our complimentary impact assessment for your specific organisation, read our insight on it, or watch our video.

What are my organisation’s next steps?

As we’ve said, there are many possible roads to go down. But don’t panic.

At Michalsons we believe that data protection is like personal fitness – it takes time to get fit! To learn more, have a look at our top tips for data protection projects. And if you’re wondering ‘how much does data protection compliance cost?’ then we have the answer for that too!

To find out the options and consider the next steps, take our complimentary impact assessment for your specific organisation, read our insight on it, or watch our video.

If you have the answers and know what you need

If you know what action you want to take, visit our privacy and data protection page to see how we can help you or enquire on the right.