SA’s privacy law kicks in this July – which means 373 days until your business gets fined
- The Protection of Personal Information (Popi) Act gets expanded on 1 July, and all business will need to be compliant.
- Businesses have a little over one year – 373 days and counting – to get their data privacy affairs in order, or face fines of up to R10 million.
- The Act should finally mean an end of those annoying robot marketing calls.
- For more stories, go to Business Insider's home page.
South Africa’s major data privacy law comes into effect at the end of the month, and all businesses – big and small – will have one year from then in which to make sure they comply, or face fines of up to R10 million.
That makes for 373 days and counting as of 23 June.
The Presidency announced on Monday that sections of the Protection of Personal Information (Popi) Act of 2013 will come into effect from 1 July. The Bill was actually signed into law in 2013, but only a few parts of it have been implemented, such as establishing the office of the Information Regulator of South Africa.
That’s all about to change.
“The heart of Popi will come into effect on 1 July – the part that stipulates the new rules,” says Elizabeth de Stadler, co-founder of Novation Consulting and co-author of "A Guide to the Protection of Personal Information Act".
That means companies will have strict rules to follow about what they can do with your information, how long they can keep it, and on how they contact you.
And there’s not much time for businesses to make sure they’re compliant. They have just one year – to 1 July 2021 – to get everything sorted out. That’s all businesses, from guesthouses to multinationals. Fines can run up to a maximum of R10 million.
De Stadler warns that companies already compliant with the European Union’s privacy regulation, the General Data Protection Regulation 2016/679 (GDPR), aren't necessarily compliant with Popi yet.
“In my experience every business will need to be compliant, but Popi is based on a reasonable standard and the size of the company is taken into account. Everybody needs to comply, but a bank is going to be held to a very different standard than a BnB,” she says.
And Popi is a very good thing for South Africa, she says. “It’s good for business, the economy and individuals.”
“It’s the end of an era where companies can harvest your information and do stuff with it without your permission,” she says.
Direct marketing will be particularly hard hit, as people will now need to agree to being contacted – so no more cold calls or voicemails from robots.
“Say someone phones, and it’s a spammer. Yesterday you couldn’t do anything about it. Now you can lay a complaint with the Information Regulator,” De Stadler says. And thanks to Popi, the regulator has “quite a bit of clout”, not counting the reputation harm in just being hauled in front of the regulator.
It’s also good for the economy, she says. “South Africa is about thirty years behind the rest of the world when it comes to privacy.” That affects trade with countries or regions that do have strict data privacy laws, such as the EU. “Countries that don’t have these protections get left out, because they can’t easily do business with countries that do.”
Receive a daily update on your cellphone with all our latest news: click here.
Get the best of our site emailed to you daily: click here.
Also from Business Insider South Africa:
- Things some South Africans think are fine to say at work — but are actually racist and offensive
- Stuck without a webcam? Here's how to use your cellphone or tablet as a replacement
- Apple will unveil a bunch of new features coming to the iPhone, Apple Watch — here's what to expect
- Lockdown fashion in SA: Here's how officewear could change after the coronavirus crisis
- Tsogo to take over Mount Grace, Durban’s Edward after Marriott ditches the hotels