PoPIA is imminent, are you ready?

Issue 9 2020 Security Services & Risk Management

After nearly a decade of ‘it’s nearly here’ the Protection of Personal Information Act’s (PoPIA) arrival is genuinely imminent. Compliance with the Act is viewed as being expensive, intimidating, and confusing – leaving many businesses of all sizes unsure of how to approach the challenge. Small businesses may become daunted by the apparent cost of compliance. The real question is, can any business afford non-compliance?

Carrie Peter.

PoPIA is designed to protect personal information processed by public and private bodies. ‘Personal information’ is that data which alone, or in combination, allows a person to be uniquely identified, and any information that may tell the reader something about someone. The Act came into effect on 1 July 2020, with a 12-month grace period. From 1 July 2021, non-compliance will come with substantial penalties, including: a fine or imprisonment of between R1 million and R10 million, or one to 10 years in jail; and financial compensation for damages suffered by data subjects.

In a world that has already been forced to digitalise faster than ever before, concentrating on another area of restructuring may appear overwhelming. For this reason, local provider of e-signature solutions in South Africa, Impression Signatures, has embarked on a campaign to demystify PoPIA, making reliable information available to businesses of all sizes, at no cost. This campaign drives compliance by explaining not only why it’s important, but the terms, requirements, and obligations created by the Act too.

PoPIA is quite clear, the burden of proof that consent was obtained rests with the ‘responsible party’, the entity or person responsible for gathering the information. This means that it is up to the business to prove that they got consent from the customer, and not the customer’s responsibility to prove that they gave consent. It is expensive because systems that were not planned or designed with privacy in mind struggle to retrofit changes into legacy models and processes. In some cases, everything needs to be re-engineered.

If the data is retained for any reason it must be safeguarded. This includes securing storage of this data so that unauthorised third parties do not have access to this data, and that people within the organisation who are not part of the legitimate processing of that data do not have access either. These data management activities should also be provable, so a company should be able to prove that customer data is safe.

“Accessibility is key, and many small businesses simply cannot afford expensive lawyers, consultants, or data consulting experts to help them re-engineer their processes. We place a large focus on accessibility. It’s why our software runs on USSD – because we understand that not everyone has a smartphone, and that shouldn’t preclude them from participating in the local (or global) economy,” confirms Carrie Peter, solution owner at Impression Signatures.

Peter confirms that, much like the General Data Protection Regulation (GDPR), PoPIA comprises three main principles: who can have access to data, what data can they have access to, and how can they use this data? The Impression PoPIA Campaign seeks to explain the definitions in a more palatable format, while giving businesses confidence in their approach to compliance.

With this information at hand, organisations are empowered to take a risk-based approach to compliance. “Operating in accordance with the Act must be accessible to all. The focus should be on affordable solutions, and reliable guidance that helps businesses embrace a cost-based, business-centric approach to applying PoPIA. Businesses must understand their appetite for risk, and the level of data security that each individual contract requires,” concludes Peter.

For more information visit www.impression-signatures.com

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Communication in any situation
Issue 8 2020, Elvey Security Technologies , Global Communications , Security Services & Risk Management
Global Communications offers an industry-first with five-year warranty on select Kenwood two-way radios.

The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Embracing machine learning in every vertical
Issue 9 2020 , Security Services & Risk Management
Machine learning (ML) has become more commonplace in enterprises as the number of areas where it is effective grows.

Managing guarding staff
Issue 9 2020, OnGuard , Security Services & Risk Management
Making sure that security staff are managed to the fullest and that the mandate from the client is met and professionally managed is critical to retaining customers.

Ransomware insurance is here
Issue 9 2020, Cyber Security South Africa , Security Services & Risk Management
CSSA, MyCyberCare and Commercial Crime Concepts join forces to launch a standalone ransomware insurance offering.

How many wrongs make a right?
Issue 9 2020, Alwinco , Security Services & Risk Management
Most buildings, whether corporate buildings, shopping centres, homes, estates and so on, are designed and built without security and crime in mind.

Factors affecting the success of criminal and disciplinary cases
Issue 9 2020 , Security Services & Risk Management
Sonja de Klerk discusses the factors that determine whether a criminal or disciplinary case can be successfully prosecuted or argued.

When not just any battery will do
Issue 9 2020 , Security Services & Risk Management
Only high-quality batteries from reputable suppliers should be used for security and other mission critical equipment to avoid potentially costly failures.

Alarming increase in truck hijackings
Issue 9 2020 , Security Services & Risk Management
Call for increased vigilance as crime statistics reveal an alarming 32% spike in truck hijackings.

Can you monitor employees without losing their trust?
Issue 9 2020 , Security Services & Risk Management, Training & Education
Monitoring employees who are working remotely can be a tricky task if you want to ensure productivity and commitment without destroying trust and morale.