The Protection of Personal Information Act 4 of 2014 (POPI or POPIA) is a data privacy law in South Africa that governs when and how businesses use, keep, delete, and gather personal information. The act is the counterpart of the GDPR in the European Union.

The POPI ACT's long and short of it is that it exists to protect personal data. The need for the law's enactment came as a result of organisations' increasing proclivity to exploit sensitive private and personal data. We've all heard of data breaches, the most well-known of which were the Facebook – Cambridge Analytical data scandal and, more recently, the Experian data breach in South Africa.

Data collection and utilisation is quickly becoming the foundation of organisational activities, and thus its management is gaining importance as time passes. It is estimated that the Experian data leak alone affected 24 million South Africans and around 800,000 enterprises.

It, therefore, comes as no surprise that lawmakers conjured up the Protection of Personal Information Act.

The POPI Act was first enacted in 2013 with some reasons in mind:

• Promote the protection of personal information processed by public and private bodies;
  Establish  minimum requirements for the processing of information;
  
• Provide for the establishment of an information regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000;
  
• Provide for the issuing of codes of conduct;
  
• Provide for the rights of persons regarding unsolicited electronic communications and automated decision making;
  
• Regulate the flow of personal information across the borders of the Republic; and
• Provide for matters connected therewith. 

Failure to comply with the POPI Act might result in legal consequences. A non-compliant corporation may face one of two harsh penalties: a R10 million fine or the imprisonment of officers responsible for compliance for up to ten years.

So, how can you and your company avoid these heinous scenarios while also complying with the POPI Act? To begin with, the Act does not apply to all organisations in South Africa. It only applies to companies that engage with third-party personal information, whether corporations or individuals. However, if Instacom is your technology partner, you won't have to worry because we are fully POPI compliant.

Who should comply with the POPI Act?

The POPI Act applies to organizations processing private or personal information of South African citizens. It does not matter if the organisation is South African or not, furthermore for the purposes of the Act, “a South African citizen includes humans and juristic persons”. Is your business collecting, using or handling personal or private data in South Africa? If so, then it will have to be POPI compliant.

What is POPI Compliance?

This question has become increasingly popular among business owners in recent years, causing worry among entrepreneurs and business owners.

Compliance with the POPI act is not a huge concern; rather, as a business owner, the key issue will be establishing methods to secure private or personal data. Compliance with the POPI Act entails putting in place safeguards to ensure that an organisation collects, deletes, uses, handles, and stores data in the permissible manner.

Your firm must implement safeguards to protect private or personal data from unlawful access and loss. It may appear straightforward, but the organisation in issue will need to design a plan that is best suited to its operations.

Because different organisations will practise compliance in different ways, the measures used by your organisation will also change.

What benefits does the POPI provide for your business?

Data is one of the most valuable properties for most businesses. Without data, many businesses could be doomed. The POPI Act provides businesses with a great opportunity to have data at their disposal coupled with specified rules on how to manage the process of data usage.

This opportunity presents many companies with a chance to understand their customer behaviour and other customer metrics. Businesses can process data into valuable information to ensure better sales performance.

Conclusion

The POPI Act is a forward-thinking solution to personal and enterprise data privacy. The Act is much similar to the European Union General Data Protection Regulation. However, It seems like the POPI is one step ahead since it regulates corporate personal information whilst the GDPR doesn’t. 
Over and above everything, you need to comply with the POPI Act. Compliance will help you avoid unnecessary fines or imprisonment.

Article done by an external writer, Shephard Dube, from Rateweb.