The Protection of Personal Information Act No.4 of 2013 (“POPI”) is nearing its long-awaited implementation. POPI has introduced a comprehensive set of principles, which will govern the collection, use, storage, transfer, sharing and destruction of personal information. The reach of the Act is wide, as it will apply to all businesses, as well as the South African government. The Act has been carefully considered and includes international best practice standards that will elevate South Africa’s data privacy protection to levels that more readily facilitate economic trade with nations sensitive about data privacy protection. Failure to comply with POPI can result in reputational damage, loss of customers, litigation and a fine of up to R10 million or 10 years in jail.
It is imperative that your business properly understands the in’s and out’s of your information obligations, as well as how to implement the correct systems and processes in order to be compliant and control your risk.
At Shepstone & Wylie Attorneys, a team of specialist attorneys within the Employment & Pension Law department deals with POPI Compliance.
Our expertise includes inter alia:
- Access to personal information
- Cloud computing
- Direct marketing
- Documenting processing activities
- Lawful sourcing of personal information
- Minimal collection of personal information
- Mitigating security breaches
- Notification duty
- POPI enforcement
- POPI principles, rules of thumb and checklists
- Practical advice on how to interpret POPI and how to apply it in your organisation
- Prior authorisation from the information regulator
- Responsibilities regarding data quality
- Retention, restriction and destruction of personal information
- Securing personal information
- Special personal information and personal information of children
- The information officer
- The outsourcing of personal information processing (operators)
- Trans-border flow of data
- Transferring personal information across borders