Sections of the POPIA come into effect today, 1 July 2020
Progress is being made to promote the protection of personal information. President Cyril Ramaphosa has now announced the commencement of parts of the Protection of Personal Information Act (PoPIA). The remaining provisions of the Act will be addressed once the Information Regulator assumes its powers, functions and duties in terms of the Act.
The sections that will commence on 1 July 2020 include the conditions for processing personal information, procedures for dealing with complaints and provisions regulating direct marketing by means of unsolicited electronic communication. Sections 2 – 38, 55 – 109, 111 and 114 (1), (2) and (3) shall commence on 1 July 2020 and Sections 110 and 114(4) will commence on 30 June 2021.
End of life IT equipment
According to legislation, businesses are required to manage the complete destruction of all data when IT assets reach end-of-life. Xperien said that the company has partnered with Blancco to help clients comply with the growing number of data protection regulations and standards.
Xperien CEO Wale Arewa says businesses that process personal information must ensure that it is done in a lawful way. “The PoPIA Act is designed to protect personal information, especially in the case of data breaches and data theft.”
“Compliance is fast becoming a competitive advantage. Customers don’t want to be put at risk – data breaches and issues related to regulatory compliance, associated costs and loss of reputation will have dire consequences for businesses that suffer data breaches,” he explains.
As a specialist in data erasure and diagnostics, Blancco focuses on aspects of data compliance and cybersecurity that companies of all sizes need to take into consideration. Blancco provides thousands of businesses with an absolute line of defence against costly security breaches, as well as verification of regulatory compliance through a 100% tamper-proof audit trail.
“Within one year after the commencement of the Act, all forms of processing of personal information must be done in accordance with the Act. This will ensure that companies have adequate security measures when dealing with your private information,” he concludes.
How to go about compliance
“Although the entire PoPIA will not commence, most of the important substantive sections will take effect this month. For organisations to get their compliance in order, there will be a 12-month phase in period”, Dr Danie Strachan, Partner and Commercial Attorney at Adams and Adams told EngineerIT.
“All businesses in South Africa should now review their personal information processing and ensure that they will be able to comply with PoPIA’s requirements. Personal information is any information that relates to a living, identifiable natural person, or an existing juristic person (e.g. a company). To process such information, one must comply with the information processing conditions contained in PoPIA requiring a comprehensive and ongoing information management process.
Dr Strachen suggest that a business can take various steps to start this process, including:
- Establishing a PoPIA task team.
- Creating the necessary processes, notices, and other required documentations.
- Ensuring appropriate training of all relevant personnel.
- Reviewing the organisation’s processing of personal information and the type of information processed.
- Checking whether personal information will be transferred across South Africa’s borders and ensuring compliance with PoPIA’s requirements relating to this.
- Making sure that all direct marketing will comply with PoPIA’s requirements.
- Reviewing information security and safeguards.