How the POPI Act could impact your business

Tue, 06/10/2020 - 09:08

As of July 2020, the South African Protection of Personal Information Act 4, 2013 (POPI or POPIA) has finally come into effect. This is, of course, with the exception of Sections 110 and 114(4), which are projected to come into action next year, June 2021. 

Understanding the POPI Act in South Africa

The POPI Act is a data privacy law, which aims to manage how organisations collect, use, store, delete and distribute personal information. The government explains that the Act is designed for customer protection by “promoting the protection of personal information processed by public and private bodies”. It was created with a strict criterion in mind, “providing for the establishment of an Information Regulator to perform certain duties and functions of this Act, as well as the Promotion of Access to Information Act 2000 (PAIA).”

Why this Act matters to every business owner

The digital marketing environment is constantly changing, and new rules are frequently introduced that carry heavyweight. That’s why it’s important for digital organisations to be aware of, and follow the necessary protocol in order to avoid penalties and reputational damage. 

Every marketing department deals with collecting, processing, using, storing and deleting customers’ personal information. Whether it’s for newsletter email marketing or any other type of email marketing campaigns, your marketing professionals need to be aware of what the POPI Act entails and establish strict compliance measures. It’s important to note that failure to comply with the legislation can result in severe consequences. In section 107 of the Act, it explains the penalties that apply to respective offences. For example, the more serious offences can cost your business a maximum of R10 million fine or imprisonment for a period not exceeding 10 years or to both a fine and such imprisonment. Moreover, your organisation might face significant reputational damage that could potentially be far worse than paying a fine. 

All organisations are given a grace period of a year, starting from the date the Act comes into force. This means that you have until before the 1st of July 2021 to comply with the POPIA. 

According to this article, the chairperson of the Information Regulator, Pansy Tlakula, explained that while the Act only officially came into effect in July of this year, it has already been introduced and signed into law in 2013. “Those who have practices that do not comply with the Act will have to ensure they change those practices and bring them into conformity with the Act.” “Between now and the first of July next year, for instance, we can’t take any action against anyone because people have a one-year grace period to comply,” she added.

What does compliance look like for your marketing department?

Compliance is a priority for your business; you need to understand how to collect personal information and how to use it responsibly and with consent from your customers. For example, when your customers opt-in to receive email newsletters, it means they want to hear from you only for email newsletters. Additionally, your customers need to have easily accessible opt-out options, should they feel they no longer want to hear from you. 

Now, how do you achieve this? You can start by considering the following:

  • Create awareness

The first step would be to create awareness within your organisation. If you’re unsure of how, you can enlist the help of an email marketing agency or a B2B advertising agency, you need to ensure that everyone is aware of the POPIA. Make sure that everyone understands what’s expected of them, related to their daily duties related to POPI compliance for marketing and the processing of personal information of your customers.

  • Appoint an information officer

If your company doesn’t already have an information officer, it’s time to appoint one. Ensure that the person chosen for this position understands their role in overseeing POPI compliance requirements and all POPI direct marketing collateral.

  • Create a compliance framework

The framework will set out a structured plan on which processes to follow regarding your organisation’s compliance with the POPIA. It will also outline when and how to implement these processes and how to ensure that it’s followed on a consistent basis.

Final thoughts

The POPI Act is a law that sets out to protect customers from potential harm, which may be caused by the use of their personal data. This means that all organisations and agencies who specialise in digital marketing in South Africa, such as us here at Rogerwilco, need to comply with the Act. Failure to do so could lead to your company receiving fines, imprisonment and paying out damages claims.

Need Assistance with Digital Strategy?

Rogerwilco’s team of strategists, business analysts and data scientists is here to help.