What is the POPI Act exactly?
The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU General Data Protection Regulation (GDPR). Its purpose is to protect people’s personal information. This includes establishing policies to ensure that companies and individuals who manage personal information take measures to safeguard the privacy of that information, which is a fundamental human right. The Act sets out specific conditions that outline when it is lawful for someone to process someone else’s personal information. The POPI Act is important because it compels companies to protect people’s data from harm.
If your company is involved in managing, processing and storing client and customer information, then it is important to understand the depth and breadth of the Act. If your business operates in the financial, healthcare and marketing industries, then the POPI Act will have far-reaching implications for your business.
From an IT perspective, security risks and vulnerabilities in your network, as well as outdated infrastructure, systems and policies, can place your employees, business and even customer data at risk of being stolen or held to ransom. The POPI commencement date was 1 July 2020, which makes the deadline for organisations to comply 1 July 2021. If you are unsure whether your business is compliant with the POPI Act and would like an assessment of your current IT infrastructure and systems, call or email us today.