5 Ways to Ensure Your Business Is POPI Compliant

South Africa's Protection of Personal Information (POPI) Act came into effect on the 1st of July 2020. We’ve written before about what that means and who’s affected (read more), but we know it can still be difficult to know whether you’re on track and what you need to do to ensure your business is compliant. Here are five things you should be doing:

1. Work out whether your business needs to comply with POPI or not, and if so, how

If your business is based in South Africa, then yes – POPI affects you. But, unlike GDPR, POPI does not apply extraterritorially. If your headquarters are in South Africa or you process personal information and data in South Africa, then you need to comply with POPI.

It’s important to understand, however, that different businesses will have to meet different requirements. SMEs are subject to different requirements than large-scale enterprises, and your existing security framework and data protection mechanisms may already tick some of the boxes required.

2. Up-skill yourself and your team

Ensuring you and your team understand the requirements of POPI will empower you to make decisions and act in the best interests of your business and your clients while complying with POPI.

3. Figure out who your “POPI person” will be

Every business needs an Information Officer. It may seem like overkill, but it’s really not. Your data (and your clients' data) is valuable. By appointing an Information Officer, you’re not only acknowledging this but also ensuring you are taking responsibility for it. Of course, you need to make sure you empower and up-skill the person you select to make decisions regarding information security. You may want to engage a professional cybersecurity partner to help in this regard.

4. Work out the specific steps your company needs to take to comply

This might seem scary, but practice makes perfect. And help is available. If you’re unsure of how to start, choose an IT partner that understands your business and sector to help you along the journey.

5. Nail the basics

There are some basics you can implement that will go a long way towards covering your POPI requirements, such as encrypting data (including emails, customer databases and contact info of external people) and engaging a cybersecurity expert to train your employees on how to handle personal information and secure any breaches.

Contact us for more about cybersecurity and ensuring your business is POPI compliant.
