POPIA coming into force is good news for all - IronTree

For COVID-19 updates, visit official government website www.sacoronavirus.co.za

POPIA coming into force is good news for all

I bet you’re looking forward to the day when you don’t get calls from insurance companies trying to sell you life cover, or new and improved broadband?

With the Protection of Personal Information Act (POPIA) soon to be in force for all organisations in South Africa, unsolicited calls and messages should soon be a thing of the past. Why?

Because organisations will no longer be allowed to share your personal information without your consent. They also won’t be able to use it for any purpose other than the one you’ve given the consent for.

So, unless you’ve told a business they can share your information with marketing companies, internet usage analysts and other third parties, you should receive fewer unsolicited voice spam calls and messages, robocalls (automated spam), and cold-callers from 1 July 2021.

I say fewer, because no doubt some companies won’t have become compliant with the new regulation on 1 July, and may take a chance on non-compliance until they’re fined and possibly even jailed for abusing, selling, losing or unlawfully using personal information.

The Information Regulator of South Africa makes it clear that from 1 July 2021 failure to comply with certain provisions of the regulation “may result in an administrative penalty of up to R10 million or to imprisonment for a period not exceeding 10 years, or to both a fine and such imprisonment.”

Extension for processors of certain categories of special personal information

However, organisations that process certain categories of personal information have until 1 February 2022 to become compliant. This includes those who:

  • process unique identifiers such as bank account details, ID numbers and phone numbers of data subjects for a different purpose to what the identifier was intended at collection, with the aim of linking the information with information processed by other responsible parties
  • process criminal or objectionable behaviour on behalf of third-parties
  • process personal information for credit reporting
  • transfer special personal information or the personal information of children to a third-party in a country that doesn’t have acceptable data protection laws

NOTE: Organisations who process personal information in the above categories need to obtain prior authorisation with the Information Regulator by 1 February 2022. This way they will remain within the law.

As with the General Data Protection Regulation (GDPR) in Europe, the intention of POPIA is not to stop the free-flow of information but to ensure information that is collected is kept safely, not sold to third parties, not lost and not used or kept for longer than is necessary for the original purpose. It also aims to balance the right to privacy against other rights, such as access to information.

If after 1 July 2021 you receive spam, unsolicited calls and automated messages, it means the personal data you entrusted to a company was either lost, sold or shared illegally – unless you gave consent for the company to pass your info on.

However, all companies who hold your personal information should be in touch with you at least annually to ensure the info hasn’t changed and that you still give consent for them to keep, share, or process it.

For example, if you buy a computer (or anything) and the shop asks for your name and phone number, they’re not allowed to share that information with anyone else or send you marketing material without your consent.

If you’ve unwittingly given them consent in the past, they can carry on contacting you until you ask them to stop. When you ask them to stop, they then have to.

The right to privacy
Thanks to POPIA, South Africans will soon have the right to their information privacy. Your email address and phone number shouldn’t be sold to marketing companies without you knowing, and your banking details on commerce websites shouldn’t be in danger of being hacked by cyber criminals.

All going well, marketing calls from strangers saying “Hello, how are you?” should soon be a thing of the past.

If you’re not sure what your company needs to do to become compliant, complete our quick survey to find out.

Talk to us about POPIA

We are taking all necessary precautions around the COVID-19 situation. Our offices are closed and our team members have each been set up to work remotely in self-isolation at home. As far as possible IronTree will maintain business as usual. All our resources such as server platforms, transactional capacity, telephony and electronic communications, including video meeting facilities, have been configured in the cloud and are 100% operational. Please feel free to contact us if you require our assistance. Stay safe!
One of our team members will be happy to help answer any questions you have!
Just click the chat icon in the right-hand corner.