South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

Hanno Labuschagne

Hanno Labuschagne

Journalist
Staff member
Joined
Sep 2, 2019
Messages
5,678
Reaction score
3,964
South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

South Africa’s Protection of Personal Information Act (POPIA) is set to come into effect from 1 April 2020.

The Act concerns the processing of personal information by companies and other agents, introducing a number of new laws which clamp down on user and employee data processing.

According to KnowBe4 Director of Data Privacy Lecio De Paula, the legislation will have an implementation period of around one year, and many organisations have already begun taking steps to comply with the legislation.
 
Yo, you listening multinationals?!

Better be.
 
wizardofid said:
Speaking of which indirectly on topic, the one thing this lockdown has achieved, I haven't had a single robot or telemarketer call me.
Click to expand...

I am interested in how businesses will now be going about in reengaging with their ‘databases’ to obtain consent. POPI is still untested, cases are still to be made.

There are various things businesses can still do, like hosting overseas, but compliance applies. You need to be a responsible party and or operator, and customers or any person or entity which engages with your service or product needs to understand and consent where their data will be stored and how it will be protected and, and, and…

Long terms, conditions and other privacy clauses won’t cut it anymore, those who engage with your product need to comprehend everything and give consent, and be able to withdraw said consent.

Call centres will be mad about this, and those supplying them with communication will also be mad but a little bit less so. POPI isn't there to hurt businesses, it is to ensure good and ethical practices.
 
Fulcrum29 said:
Many multinationals already abide by GDPR, and some businesses here are already compliant with GDPR, and many will need to play catchup in terms with POPI.
Click to expand...

Not enough.
Never enough.

They need it rammed down their throats (HARD!) before they usually comply.
 
Fulcrum29 said:
I am interested in how businesses will now be going about in reengaging with their ‘databases’ to obtain consent. POPI is still untested, cases are still to be made.

There are various things businesses can still do, like hosting overseas, but compliance applies. You need to be a responsible party and or operator, and customers or any person or entity which engages with your service or product needs to understand and consent where their data will be stored and how it will be protected and, and, and…

Long terms, conditions and other privacy clauses won’t cut it anymore, those who engage with your product need to comprehend everything and give consent, and be able to withdraw said consent.

Call centres will be mad about this, and those supplying them with communication will also be mad but a little bit less so. POPI isn't there to hurt businesses, it is to ensure good and ethical practices.
Click to expand...

Will see what happens, a week or two just before the lockdown, got calls from African Bank, Standard Bank, old mutual, and cellc all requesting me by name and surname, wanting to peddle insurance and various other services, considering I haven't used or currently using any of the above companies in 15 odd years and having changed contact numbers and addresses a few times and them having up to date info, including things like ID numbers and such, really pissed me of. Database removal also doesn't seem to work either.
 
MirageF1 said:
Not enough.
Never enough.

They need it rammed down their throats (HARD!) before they usually comply.
Click to expand...

You have a right to ask them now how your data is stored and protected, and the remedies they will pursue when your data is vulnerable. You also have the right to consent to this and withdraw your consent.

It is also your choice with who to contract with to provide you with services or products.

DO NOTE:


Many people want to know what the POPI commencement date (or POPI effective date) will be. It seems likely that the commencement date will be 1 April 2020. It is important because the grace period of one year starts running from the commencement date – the clock starts ticking. You must comply with the POPI Act and the Information Regulator will start enforcing the POPI Act one year after the commencement date.
Click to expand...

Best to start complaining on April 1st, 2021 ;)
 
wizardofid said:
Speaking of which indirectly on topic, the one thing this lockdown has achieved, I haven't had a single robot or telemarketer call me.
Click to expand...
I have and to be honest I was pretty surprised by that. I wasn't expecting any.
 
Fulcrum29 said:
/snip
Click to expand...

I probably knew all this way before you.
Was living in UK for 15 yrs , from 2002-late 2017.

Doesn't change what I was saying one bit.

They ALL need it rammed down their throats (HARD!) before they usually comply.

P.S Still waiting for %$^%$ Barclays to send me ALL my personal data they hold I requested 5 months ago.
Busy taking it up with the Ombudsman...
 
Hanno Labuschagne said:
South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

South Africa’s Protection of Personal Information Act (POPIA) is set to come into effect from 1 April 2020.

The Act concerns the processing of personal information by companies and other agents, introducing a number of new laws which clamp down on user and employee data processing.

According to KnowBe4 Director of Data Privacy Lecio De Paula, the legislation will have an implementation period of around one year, and many organisations have already begun taking steps to comply with the legislation.
Click to expand...
Isn't it so ironic that tomorrow is also April Fool's day?
 
MirageF1 said:
I probably knew all this way before you.
Was living in UK for 15 yrs , from 2002-late 2017.

Doesn't change what I was saying one bit.

They ALL need it rammed down their throats (HARD!) before they usually comply.
Click to expand...

...or you could report them?
 
I suspect that POPI compliance is not exactly going to be top of most companies priorities over the coming months.
 
Hanno Labuschagne said:
South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

South Africa’s Protection of Personal Information Act (POPIA) is set to come into effect from 1 April 2020.

The Act concerns the processing of personal information by companies and other agents, introducing a number of new laws which clamp down on user and employee data processing.

According to KnowBe4 Director of Data Privacy Lecio De Paula, the legislation will have an implementation period of around one year, and many organisations have already begun taking steps to comply with the legislation.
Click to expand...
joke?
 
garp said:
I suspect that POPI compliance is not exactly going to be top of most companies priorities over the coming months.
Click to expand...

It isn't hard to implement, but to ignore it is to ignore privacy and the only reason companies would ignore this is to take a chance at making more sales through uncompliant lead and prospect engagements, or selling their databases to third-parties or make it available through an agreement.

POPI has been a long time coming. The last thing these companies would want, which don’t comply, is to have their database out in the wild. It will quickly become a legal priority even under the current circumstances.

Everyone is given 1 year to comply. It really isn't that hard, unless you are already exposed through whichever means.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter