POPIA aims to enforce the human right to privacy and confidentiality (rooted in the provisions of Section 14 of the Constitution of the Republic of South Africa, 1996) in a very real way. And, with the increase in ever-evolving digital technologies such as Wi-Fi tracking, geolocation, data analytics and telecommunications, its imminent implementation has been welcome legislation for consumers as a whole.
As of July you'll need to have weathered the storm and made sure your company is in tip-top shape when collecting, preserving and managing client data. Whether you're a large-scale corporate or a small business owner, there is little time left to ensure you are equipped with the tools and processes needed to comply with new regulations. We take a deeper look at the 8 Conditions of Lawful Processing in terms of POPIA, to give you a clear overview of exactly what's in store:
1. Accountability:
Ask yourself, who will have the responsibility of maintaining compliance in your organisation? And what policies and procedures do they need to put into place?
2. Processing Limitation:
How will you collect information in a fair and lawful manner, with full consent of the data subject? The data will need to be obtained directly from the data subject, and only information that is required for the specific purpose for which it is gathered may be stored.
3. Purpose Specification:
Have you made it clear what the data subject’s information will be used for? Personal information may only be processed for specific, explicitly defined and legitimate reasons. From its intended use, to retention time and the processes used to destroy data, you’ll need to ensure compliance at all levels.
4. Further Processing Limitation:
If you intend to reuse information, is it still compatible with the purpose for which it was collected? The data subject will need to be aware of this intention as well.
5. Information Quality:
You will need to ensure that personal information collected is complete, accurate and not misleading, and that data subjects are able to update it or revoke consent.
6. Openness:
You need to be totally transparent in gaining consent for personal information. You will need to be able to offer proof or evidence of this consent, and make it clear that a data subject has the right to lodge a complaint with the Information Regulator.
7. Security Safeguard:
Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction and disclosure. Ask what procedures and processes are needed at every stage, from gaining to sharing collected data, as well as who has access, and how to inform the Information Regulator of a security breach.
8. Data Subject Participation:
A data subject has a right to request the information you are holding about them. You will need to set up a process to ensure these requests are adhered to, as well as any consent updates requested by the data subject.
So what will it all mean? POPIA is integral to keeping companies accountable and responsible when it comes to handling personal information. It means that consent will clearly need to be given to hold customers' details, and can be revoked, leaving consumers feeling empowered and protected. POPIA will also mean that companies may need to rethink their data collection strategies, to gain access to higher-quality leads, with clients that truly want to do business with them. A win-win example of sustainable, responsible, thoughtful business practices.