South Africa’s new data privacy law and how it affects you.

President Cyril Ramaphosa has announced that certain sections of South Africa’s Protection of Personal Information Act (POPIA) will take effect from 1 July 2020.

POPIA was implemented to enforce the ownership of personal information and the permissions around using it.The POPI Act sets forth eight conditions for the lawful processing of personal information. These conditions address how organizations demonstrate accountability for ensuring they respect the privacy of individuals in South Africa.

The Act regulates how this information is collected, stored, processed, and shared. Although the Act was signed into law in 2013 and certain sections of the Act went into effect in 2014, these effective sections pertained to the establishment and appointment of the Information Regulator. Once the sections of the Act that place obligations on organizations to ensure the lawful processing of personal information begin, organizations will have one (1) year following that date to comply with the Act’s provisions. POPI Condition 7 on “Security Safeguards” includes security measures that responsible parties must comply with to ensure the integrity and confidentiality of personal information.

Effect on businesses

The POPIA was expected to come into effect from 1 April 2020, but the initial commencement was delayed due to the COVID-19 outbreak.

POPIA will bring about a number of changes to South African businesses.

Citizens will have more control over the processing and privacy of their information, which will result in fewer spam calls and reduced exposure of their personal details to companies.

The provisions which are to be commenced from 1 July may result in “cold calling” no longer being allowed and will impose a significant burden on direct marketers to secure databases of personal information.

Companies will also need to ensure their customer data is processed securely and in line with the regulations, or they will face hefty fines.

Importantly, POPIA includes provisions for the disclosure and processing of personal information.

In cases which fall outside of these categories, personal information may not be processed or disclosed – providing South Africans with protection against companies that would use their personal data unscrupulously.

Infraplex is partnered with SOPHOS to help individuals and business owners comply with POPIA protocols and regulations. The SOPHOS XG firewall comes with a multitude of settings to assist in data protection, intrusion prevention and information regulation.

For more information on the certain sections of this act please click here

For more information on how SOPHOS can help you comply with the new regulations please click here