printer friendly version

Start your POPIA compliance journey

Regulators are no longer afraid to protect people’s rights to privacy against tech giants. In recent years, we have seen the likes of Google and Facebook receive large amounts of General Data Protection Regulation (GDPR) fines.

According to head of legal and chief privacy officer at LAWtrust, Rian Schoeman, it is time to look thoroughly at South African businesses and how far they are with their Protection of Personal Information Act (POPIA) compliance journey.

“POPIA in South Africa came into effect on 1 July 2020, and if you have not started with your compliance journey, you need to act fast as the one-year grace implementation period draws closer to the end,” says Schoeman.

He adds that it is never too late to start, and several quick wins can assist you in kicking off your POPIA compliance journey; following these steps can help you cover some of the large gaps in your POPIA compliance journey:

Commit: It is time to commit to a POPIA compliance journey. You can start by inculcating POPIA compliance in the day-to-day management of your business, so that it becomes second nature, just like a sales or other process.

Train your staff: Many sources offer POPIA training, some of them even for free, but often you get what you pay for. Before deciding on a training provider, make sure to read reviews and feedback from other businesses that have undergone this training.

Find your data: Many companies believe that this requires a massive data mapping exercise and the purchase of expensive data mapping tools. This is not the case. The best way to find out how personal information flows through your business is to look at how it interacts with your current business processes. Think of how you on-board new employees into your business or how you deal with new customers, for example.

Secure your data: This is much easier than you think. Most installations of Windows and Mac OS have disk encryption tools built in. By just making sure that you encrypt the desktop and laptop computers in your business, you have already gone a long way to protecting personal information, even if there will be further steps you need to take.

Schoeman says POPIA compliance is good for your business because customers deserve it. “You will soon find that it comes with added benefits for your own business, such as structuring your data and being able to provide prospective customers with the assurance that protecting their personal information is something you take seriously,” he concludes.

Share this article:

Further reading: