South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

Hanno Labuschagne

Expert Member
Staff member
Joined
Sep 2, 2019
Messages
1,251
South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

South Africa’s Protection of Personal Information Act (POPIA) is set to come into effect from 1 April 2020.

The Act concerns the processing of personal information by companies and other agents, introducing a number of new laws which clamp down on user and employee data processing.

According to KnowBe4 Director of Data Privacy Lecio De Paula, the legislation will have an implementation period of around one year, and many organisations have already begun taking steps to comply with the legislation.
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
35,270
Speaking of which indirectly on topic, the one thing this lockdown has achieved, I haven't had a single robot or telemarketer call me.
I am interested in how businesses will now be going about in reengaging with their ‘databases’ to obtain consent. POPI is still untested, cases are still to be made.

There are various things businesses can still do, like hosting overseas, but compliance applies. You need to be a responsible party and or operator, and customers or any person or entity which engages with your service or product needs to understand and consent where their data will be stored and how it will be protected and, and, and…

Long terms, conditions and other privacy clauses won’t cut it anymore, those who engage with your product need to comprehend everything and give consent, and be able to withdraw said consent.

Call centres will be mad about this, and those supplying them with communication will also be mad but a little bit less so. POPI isn't there to hurt businesses, it is to ensure good and ethical practices.
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
35,270
Yo, you listening multinationals?!

Better be.
Many multinationals already abide by GDPR, and some businesses here are already compliant with GDPR, and many will need to play catchup in terms with POPI.
 

MirageF1

Executive Member
Joined
Jun 29, 2018
Messages
6,306
Many multinationals already abide by GDPR, and some businesses here are already compliant with GDPR, and many will need to play catchup in terms with POPI.
Not enough.
Never enough.

They need it rammed down their throats (HARD!) before they usually comply.
 

wizardofid

Executive Member
Joined
Jul 25, 2007
Messages
6,730
I am interested in how businesses will now be going about in reengaging with their ‘databases’ to obtain consent. POPI is still untested, cases are still to be made.

There are various things businesses can still do, like hosting overseas, but compliance applies. You need to be a responsible party and or operator, and customers or any person or entity which engages with your service or product needs to understand and consent where their data will be stored and how it will be protected and, and, and…

Long terms, conditions and other privacy clauses won’t cut it anymore, those who engage with your product need to comprehend everything and give consent, and be able to withdraw said consent.

Call centres will be mad about this, and those supplying them with communication will also be mad but a little bit less so. POPI isn't there to hurt businesses, it is to ensure good and ethical practices.
Will see what happens, a week or two just before the lockdown, got calls from African Bank, Standard Bank, old mutual, and cellc all requesting me by name and surname, wanting to peddle insurance and various other services, considering I haven't used or currently using any of the above companies in 15 odd years and having changed contact numbers and addresses a few times and them having up to date info, including things like ID numbers and such, really pissed me of. Database removal also doesn't seem to work either.
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
35,270
Not enough.
Never enough.

They need it rammed down their throats (HARD!) before they usually comply.
You have a right to ask them now how your data is stored and protected, and the remedies they will pursue when your data is vulnerable. You also have the right to consent to this and withdraw your consent.

It is also your choice with who to contract with to provide you with services or products.

DO NOTE:


Many people want to know what the POPI commencement date (or POPI effective date) will be. It seems likely that the commencement date will be 1 April 2020. It is important because the grace period of one year starts running from the commencement date – the clock starts ticking. You must comply with the POPI Act and the Information Regulator will start enforcing the POPI Act one year after the commencement date.
Best to start complaining on April 1st, 2021 ;)
 

Asgard85

Well-Known Member
Joined
Mar 31, 2016
Messages
432
Speaking of which indirectly on topic, the one thing this lockdown has achieved, I haven't had a single robot or telemarketer call me.
I have and to be honest I was pretty surprised by that. I wasn't expecting any.
 

MirageF1

Executive Member
Joined
Jun 29, 2018
Messages
6,306
I probably knew all this way before you.
Was living in UK for 15 yrs , from 2002-late 2017.

Doesn't change what I was saying one bit.

They ALL need it rammed down their throats (HARD!) before they usually comply.

P.S Still waiting for %$^%$ Barclays to send me ALL my personal data they hold I requested 5 months ago.
Busy taking it up with the Ombudsman...
 

David101

Expert Member
Joined
Sep 21, 2012
Messages
1,143
South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

South Africa’s Protection of Personal Information Act (POPIA) is set to come into effect from 1 April 2020.

The Act concerns the processing of personal information by companies and other agents, introducing a number of new laws which clamp down on user and employee data processing.

According to KnowBe4 Director of Data Privacy Lecio De Paula, the legislation will have an implementation period of around one year, and many organisations have already begun taking steps to comply with the legislation.
Isn't it so ironic that tomorrow is also April Fool's day?
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
35,270
I probably knew all this way before you.
Was living in UK for 15 yrs , from 2002-late 2017.

Doesn't change what I was saying one bit.

They ALL need it rammed down their throats (HARD!) before they usually comply.
...or you could report them?
 

garp

Executive Member
Joined
Aug 2, 2004
Messages
8,446
I suspect that POPI compliance is not exactly going to be top of most companies priorities over the coming months.
 

Nemoneiros

Expert Member
Joined
Feb 14, 2012
Messages
4,181
South Africa's new data privacy laws take effect tomorrow - How to ensure compliance

South Africa’s Protection of Personal Information Act (POPIA) is set to come into effect from 1 April 2020.

The Act concerns the processing of personal information by companies and other agents, introducing a number of new laws which clamp down on user and employee data processing.

According to KnowBe4 Director of Data Privacy Lecio De Paula, the legislation will have an implementation period of around one year, and many organisations have already begun taking steps to comply with the legislation.
joke?
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
35,270
I suspect that POPI compliance is not exactly going to be top of most companies priorities over the coming months.
It isn't hard to implement, but to ignore it is to ignore privacy and the only reason companies would ignore this is to take a chance at making more sales through uncompliant lead and prospect engagements, or selling their databases to third-parties or make it available through an agreement.

POPI has been a long time coming. The last thing these companies would want, which don’t comply, is to have their database out in the wild. It will quickly become a legal priority even under the current circumstances.

Everyone is given 1 year to comply. It really isn't that hard, unless you are already exposed through whichever means.
 
Top