The operative provisions of the Protection of Personal Information Act (POPIA) came into effect on 1 July 2020, with a grace period of a year in which companies must ensure that they are compliant.
Legal firm Cliffe Dekker Hofmeyr said that companies must ensure that their business practices and the way they interact with customers, clients or consumers adhere to the requisite privacy laws, as well as confirming that the way they collect, store or process their employees’ information aligns with the protections set out in POPIA.
The firm has also provided a POPIA compliance checklist which aims to assist businesses.
It added that POPIA applies to both public and private bodies) with a general heat map to check its compliance levels and areas of risk relating to POPIA compliance and has merely been provided to assist in expediting the POPIA compliance process.
“The checklist does not make provision for every eventuality and serves only as a useful guide to assist businesses to start focusing on the most common instances where businesses need to be POPIA compliant,” Cliffe Dekker Hofmeyr said.
“The checklist should in no way to be construed as a substitute for seeking legal advice to ensure that your business is fully compliant with the requirements of POPIA.”
Preliminary steps
Dealing with information in your possession
Obtaining and processing information
Requests for access, correction and deletion
Direct marketing
Cross-border transfers
List of useful definitions
Commentary by Lucinde Rhoodie (director), Kara Meiring (candidate attorney), Ngeti Dlamini (senior associate), and Preeta Bhagattjee (director).
Source: BusinessTech