As of 1 July 2021, the Personal Protection of Information Act (POPIA) officially came into effect to protect every South African’s personal information and privacy. The enforcement of this new data privacy law is excellent news for civilians as it empowers us to control exactly who has access to our personal information and how it is stored and used. With a growing number of organisations collecting personally identifiable data to run their businesses, it’s important for the way this data is being processed to be regulated by a governing body to prevent fraudulent activity.
In this blog post, we’ll examine the main points of POPIA and how it affects your online business.
What is POPIA?
POPIA is South Africa’s data privacy law that gives South African citizens rights over their personal information, including the right to access, correct and delete the information organisations may hold about them.
POPIA requires all companies, organisations, legal entities and websites that process the personal information of a South African, irrespective of their physical location, to comply with the law by obtaining the correct consent from their users or customers to use their information. If parties don’t comply with POPIA, they can face hefty fines of up to R10 million.
POPIA was first drafted almost two decades ago in 2003 and, after going through numerous iterations, finally came into force on 1 July 2020, with full enforcement on 1 July 2021. The final approved act is intended to protect your personal information and privacy and is modelled after the EU’s extensive General Data Protection Regulation (GDPR) that came into effect in May 2018. The GDPR is meant to be the toughest privacy and security law in the world as it imposes strict obligations onto organisations in any country that target or collect data related to people in the EU.
How does POPIA affect your online business?
If your business is located in South Africa and you process the personal information of South African customers, you are required to comply with POPIA. This means that before you can process any of your customers’ personal information, you’ll need to ask for their consent. For example, when a customer checks out on your online store and enters their email address, you’ll have to get their consent before you can save it to your database for future marketing purposes.
To be POPIA compliant you’ll also need to ensure all the personal information you store is secure, and that your customers have the ability to access, correct or delete any of their data that you have already collected. You can read the entire POPIA here to find out exactly how you need to comply.
How can being POPIA compliant help your business?
It can be extremely beneficial to your business if you communicate to your customers exactly how you are POPIA compliant. This can shine a positive light on your business and help you gain their trust. Online shoppers and consumers are more tech-savvy than ever, so it’s important to reassure them that you will protect their privacy and data against misuse and breaches.
A 2019 Data Privacy Benchmark study from Cisco reported that GDPR-compliant organisations are benefitting from their privacy investments beyond compliance, as they’ve experienced streamlined business processes, increased sales and increased investor appeal. This is a good indication of how POPIA-compliant businesses in South Africa will fare as well.