PoPIA is Imminent, Are You Ready?

After nearly a decade of ‘it’s nearly here’ the Protection of Personal Information Act’s (PoPIA) arrival is genuinely imminent. Compliance with the Act is viewed as being expensive, intimidating, and confusing – leaving many businesses of all sizes unsure of how to approach the challenge. Small businesses may become daunted by the apparent cost of compliance. The real question is, can any business afford non-compliance?

PoPIA is designed to protect personal information processed by public and private bodies. “Personal Information” is that data which alone, or in combination allows a person to be uniquely identified, and any information that may tell the reader something about someone. The Act came into effect on 1 July 2020, with a 12-month grace period. From 1 July 2021, non-compliance will come with substantial penalties, including: a fine or imprisonment of between R1 million and R10 million or one to 10 years in jail; and financial compensation for damages suffered by data subjects.

In a world that has already been forced to digitise faster than ever before, concentrating on another area of restructuring may appear overwhelming. For this reason, local provider of e-signature solutions in South Africa, Impression Signatures, has embarked on a campaign to demystify PoPIA, making reliable information available to businesses of all sizes, at no cost. This campaign drives compliance by explaining not only why it’s important, but the terms, requirements, and obligations created by the Act too.

POPIA is quite clear, the burden of proof that consent was obtained rests with the ‘responsible party’; the entity or person responsible for gathering the information. This means that it is up to the business to prove that they got consent from the customer, and not the customers responsibility to prove that they gave consent. It is expensive because systems that were not planned or designed with privacy in mind struggle to retrofit changes into legacy models and processes. In some cases, everything needs to be re-engineered.

If the data is retained for any reason it must be safeguarded. This includes securing storage of this data so that unauthorised third parties do not have consent to access this data, and that people within the organisation, who are not part of the legitimate processing of that data do not have access either. These data management activities should also be provable, so a company should be able to prove that customer data is safe.

“Accessibility is key, and many small businesses simply cannot afford expensive lawyers, consultants, or data consulting experts to help them re-engineer their processes. We place a large focus on accessibility. It’s why our software runs on USSD – because we understand that not everyone has a smart phone, and that shouldn’t preclude them from participating in the local (or global) economy,” confirms Carrie Peter, Solution Owner at Impression Signatures.

Peter confirms that, much like the General Data Protection Regulation (GDPR), PoPIA comprises three main principles: who can have access to data; what data can they have access to; and how can they use this data? The Impression PoPIA Campaign seeks to explain the definitions in a more palatable format, while giving businesses confidence in their approach to compliance.

With this information at hand, organisations are empowered to take a risk-based approach to compliance. “Operating in accordance with the Act must be accessible to all. The focus should be on affordable solutions, and reliable guidance that helps businesses embrace a cost-based, business centric approach to applying PoPIA. Businesses must understand their appetite for risk, and the level of data security that each individual contract requires,” concludes Peter.

Issued by Perfect Word Consulting (Pty) Ltd

For more information, contact perfectword@trinitas.co.za

- ENDS -

Boilerplates:

About Impression Signatures

Founded in 2011, Impression Signatures (an iOCO company) is the leading provider of e-signature solutions in South Africa. Our patented approach is locally created whilst committing to making this innovative technology available to the public enabling true social inclusion to fully realize digital transformation in South Africa. For more information, visit www.impression-signatures.com.

About iOCO
 

Established to simplify ICT, iOCO is Africa’s leading integrated technology services company, with the largest concentration of skills on the continent. As a Level 1 B-BBEE end-to-end ICT managed service provider and Cloud systems integrator, iOCO operates with over 20 years’ experience. Its team of more than 4500 specialists delivers Open Digital Integrator, Enterprise Applications, Data and Analytics, Compute and Platforms, and Manage and Operate solutions to over 1 000 customers.

Inspired by digitally native internet organisations (iO) and creative organisations (CO) of the future, iOCO helps customers navigate the path to an exponential future. To achieve this vision, iOCO holds strategic OEM partnership agreements with more than 90 global leaders.

The fourth industrial revolution brings not only exponential opportunity, but exponential challenges too. The key to succeeding in this two-speed world is finding a digital journey partner that has the expertise needed to drive unprecedented growth. iOCO offers modern solutions that meet the demands of the cloud economy and 4IR.

For more information, please visit: www.ioco.tech.