Doesn’t quite have the same ring to it…

Truth be told, the Protection of Personal Information Act (and the feelings it evokes) can, at surface level, seem as interesting as a TED Talk by a member of congress (any member. It doesn’t matter). In truth, at first it seems like a lot of legal jargon and law speak, a mess of convoluted acts, policies and regulations that are seemingly for the benefit and protection of consumers, yet somehow doesn’t prevent Telkom from bombarding us with calls asking if we’d like to upgrade (we don’t).

A quick Google search of the term is, in fact, the greatest insomnia remedy known to man (just don’t tell our boss we fell asleep on the clock. Again). However, with a bit of deep diving (by this, we mean asking our lawyer friend to explain it to us in simple English), we’ve managed to distill it down into simple, easy to understand language – which may explain why it’s a bigger deal than you think.

You see, recent years have seen a lot of theft and misuse of people’s personal information (and no, we’re not talking about the content that made the Kardashian’s famous). Identity theft and cyber crimes are at an all-time high, which led to the need to set up regulations designed to protect your right to privacy (if only someone could explain this to the DA at election time). The PoPIA Act clearly defines the minimum standards required to access or process any individual’s personal information – this includes collecting, receiving, recording, organising, distributing, sharing, storing, or erasing said content (so goodbye to those annoying Mr. Delivery Emails – in theory, at least).

For a customer, this is great, as it means your chances of being spammed with unwanted content are vastly reduced. As a business owner, however, things get a bit tricky. You see, organisations (of any size) in a position to obtain, handle and store the info of a customer or individual must now adhere to the requirements and implement the mandatory steps required to safeguard them accordingly. This includes suppliers, customers, staff, service providers and databases – with non-compliance resulting in fines up to R10 million, 10 years in prison, or a combination of the two (insert joke about crime in South Africa here).

That last line is more sobering than a 2am phone call from your parents when you’ve snuck out to the club. In actuality, although the Act doesn’t exactly inspire feelings of unbridled excitement in society, it is a big deal – and one being taken very, very seriously by organisations and government alike.

So, let’s talk about where we come in…

Our PoPIA Advisory Services aim to help you understand what exactly you’re dealing with (you see, “I didn’t know” doesn’t hold up in court – just ask Oscar). The service does exactly what its name entails, allowing you and your business to operate at full efficiency without the ever-looming threat of breaching the Act, ending up in jail, or having to pay a fine the size of a medium meal at Nandos. Here’s how…

  1. We aim to identify areas within your business which can and will be impacted by the new requirements and obligations under PoPIA. Unless you have the legal team of Shabir Sheik or are really, really clued up in Privacy Law (no, five seasons of Suits doesn’t count), chances are you’ll need to evaluate your organisation and establish where this Act affects you. That’s where we come in, only we simplify it to make compliance that much easier.
  2. We then obtain a full analysis of the business Data Processing methods and Databases, which allows us to better understand where you could be going wrong with your vital information.
  3. We can also identify how high your chances of processing incorrect or inaccurate personal Data may be, and in doing so allow you to take preventative measures so as to avoid incurring any breach or penalties.
  4. Furthermore, we’re able to assess the methods in which you collect, use, store, transfer and discard personal information – anything non-kosher (or should we say non-compliant?) will be immediately identified and rectified.
  5. Next up, we’re able to assist your business in evaluating the handling of Data subjects’ access and erasure requests (in simple terms, we can navigate who has opted in or out to your databases).
  6. And, lastly, our team is ready, willing, and able to form a remediation plan, which in turn can help develop and implement a roadmap towards a PoPIA compliant journey.

We may not be Gerrie Nel (or, despite our best wishes, Harvey Spector), but we do know our way around all things PoPIA – which many organisations sadly don’t. It can be daunting, and there are many regulations and mandatory policies which your brand may not even know exist yet.

Our advice? Don’t overlook or underestimate the Act. The reputational damage alone is enough to cripple the biggest industry titan – then there’s also fines or possible (by which we mean probable) jail time. True, many of us would pay to see our boss in prison for a bit, but it’s no laughing matter when it’s the future of an entire business on the line.