An update from the Information Regulator advises of an extension to the 30 June 2021 deadline for the Protection of Personal Information Act (POPIA) compliance.
This does not include the majority of organisations, whose deadline is still 1 July 2021.
The 1 February 2022 extension applies to organisations who process certain categories of personal information, and include those who:
• process unique identifiers such as bank account details, ID numbers and phone numbers of data subjects for a different purpose to what the identifier was intended at collection, with the aim of linking the information with information processed by other responsible parties
• process criminal or objectionable behaviour on behalf of third-parties
• process personal information for credit reporting
• transfer special personal information or the personal information of children to a third-party in a country that doesn’t have acceptable data protection laws
NOTE: Organisations who process personal information in the above categories need to obtain prior authorisation with the Information Regulator by 1 February 2022. This way they will remain within the law.
Deadline still stands for most
For the majority of organisations who collect, process, store and share personal information as a matter of course for the running of their business, they will need to be compliant by 1 July 2021.
As with the General Data Protection Regulation (GDPR) in Europe, the intention of POPIA is not to stop the free-flow of information but to ensure information that is collected is kept safely, not sold to third parties, not lost and not used or kept for longer than is necessary for the original purpose. It also aims to balance the right to privacy against other rights, such as access to information.
For many small to medium-size businesses, POPIA compliance can seem a daunting task, but the process need not be difficult. There is dedicated compliance software available to simplify the task, and steer you in the direction of ongoing compliance.
If you feel in the dark about your compliance status, find out what you need to do to comply with POPIA by taking a short survey.