The Protection of Personal Information Act (POPI) seems to have been around a long time. It has. It came into law in 2014 however most of the Act was suspended until the Regulator, tasked with administering and enforcing the Act, was up and running.
Well that has happened and all suspended sections of the Act come into law on 1 July 2020.
The Act will affect everyone that collects and stores or further processes the personal information of clients, customers or patients. Think of the application form for credit or the form you fill in as a new patient at the doctor’s rooms.
The Act places strict obligations on the person or business who collects this information, some highlights being:
- You cannot retain the information for longer than is necessary for achieving the purposes for which it was collected;
- The information so retained must remain complete, accurate and accessible to the person whose information it is;
- The person from whom the information is collected must be informed of the reason for its collection and that he has the right to object to its further processing; and
- You must safeguard the integrity and confidentiality of the information collected.
The authorisation of the Regulator would need to be obtained, should a person in receipt of personal information want to use the information for a purpose other than the specific purpose for which it is given.
The Act will also, thankfully, bring an end to the processing of personal information for the purposes of direct marketing. This practice is prohibited unless the data subject has given his consent.
The Regulator wields a big stick in being able to fine a transgressor an amount up to R10 million.
Contact Taberer Attorneys if you need assistance with understanding what POPI means within your business.