One of the most commonly asked questions we get regarding the Protection of Personal Information Act (POPIA), is whether it will ever be enforced, and to what degree. The answers to this are becoming clearer. The latest announcement from the Information Regulator is that they have established an Enforcement Committee Under pressure Info Regulator set up the Enforcement Committee | ITWeb in response to the large number of complaints that the Regulator has received.
Pansy Tlakula, the head of the Information Regulator says, “For the first time since its establishment in 2016, the regulator will be able to enforce its powers and provide an effective remedy to the complainants whose right to privacy and the right of access to information have been infringed.” So, to answer the question, “will the Act be monitored and enforced”, the answer is an absolute “yes”.
What does this mean for you?
If you have taken compliance seriously then nothing has changed. If you haven’t then you should be aware that you could be on the Regulator’s radar. Ensure that you have done everything you can to be compliant. It is long past the deadline for compliance, but if you still have some gaps in your compliance journey, rectify them as soon as possible.
Regardless of your compliance status, it seems as if the Regulator will focus on the complaints in the short term. Don’t interpret this to mean that you don’t need to become compliant just because you haven’t had any complaints. The simple message is to do everything you can in the shortest possible time to become compliant if you haven’t already done so.
If you still aren’t sure what you need to do to become compliant, you can find further information at POPIA – South Africa – Responsible Party, Operator and The Information Officer (priviq.com) and POPI Act Compliance | Protection of Personal Information (popiact-compliance.co.za).
Is there an upside to this?
Compliance is generally seen as an overhead, an unnecessary and unwelcome expense, and it can be. We believe that this needn’t be the case. You must comply; that is non-negotiable. But if you see managing information better as an opportunity to improve your business then there are potentially many benefits. These could be:
- Faster, easier access to the information that you need to run your business.
- Better sharing of information amongst internal departments.
- More trusted information (single version of the truth).
- Less duplication in paper and electronic formats.
- Accurate up-to-date information about employees, customers, suppliers and partners.
- More secure information, with less exposure to online threats.
- Lower cost of storing information through an effective retention and disposal process.
- Moving to more digital platforms in a structured, compliant manner, resulting in streamlined business processes.
- These are all real, tangible benefits that could be derived if you go about your POPIA compliance journey the right way.
Our service at IronTree will assist you in your compliance journey. We also offer comprehensive training for employees. If this sounds appealing, contact us at [email protected]
A big thank you to Paul Mullon, Managing Director at COR Concepts for his assistance in writing this piece.
Watch an interview with IronTree and Paul Mullon here.