The Jeffreys Bay community is financially and economically highly dependent on its members. In this town, the nature of business is characterised by trust, respect and long-lasting relationships.
However, in my personal engagement with business owners to date, their reaction to Protection of Personal Information Act (POPIA) compliance has been characterised either by ignorance or by a general feeling of compliance under duress.
It is at this point that I feel the need to remind this community that we, as business owners, not only value the trust that our clients place in us, but we need them to trust us. By becoming POPIA-compliant, we prove to our clients that we are worthy of their trust, specifically in that the personal information that they provide to us will be respected and protected.
Purpose of POPIA
In essence, the enactment of POPIA boils down to the law forcing us to protect the personal information that our clients have entrusted to us, with the respect it deserves.
July 1, 2021 – deadline for compliance
The deadline for compliance with POPIA came into effect on July 1. If you have not yet registered your information officer (IO) with the Information Regulator and do not have a written policy on how you protect the personal information of your clients, it in effect means that you are currently holding and processing the personal information of your clients unlawfully.
Fine and/or imprisonment
This leaves you vulnerable to a fine of up to R10 million and/or imprisonment of up to 10 years, not to mention the possibility of a civil claim for damages if the privacy of the personal information of your client(s) has been breached.
Solution – comply ASAP
POPIA compliance should be a relatively quick, painless and inexpensive exercise.
For starters, you will need to register an IO with the Information Regulator.
Registration of your IO is free of charge and can be done by downloading and completing the online registration form and submitting it either by means of the online portal or by e-mailing the form to the Information Regulator.
Secondly, you need to have a written policy in place which addresses the ‘what, why and how’ with regard to the personal information of your clients and the processing of such information. Such a written policy simply forces us to rethink and evaluate the type and purpose of information that we hold and process and the measures in place to protect this information.
I urge the readers to make sure that they protect themselves and their businesses against the hefty consequences of non-compliance as soon as possible. Furthermore, such compliance holds the benefit of marketing your business as “Proudly POPIA-compliant”, which in turn confirms that you are worthy of the trust that your clients place in you when it comes to the protection of their personal information.
Please Note: This article should not be construed as a comprehensive guide for compliance as required by the Information Regulator under the Protection of Personal Information Act (POPIA); its purpose is rather to encourage readers to embrace POPIA compliance.