News / Firms News
May 15,2020
POPIA or POPI was promulgated on 26 November 2013. The Protection of Personal Information Act (POPIA) is intended to promote the right to privacy in the Constitution, while at the same time protecting the flow of information and advancing the right of access to and protection of information.
POPIA establishes the rights and duties that are designed to safeguard personal data. In terms of POPIA, the legitimate needs of organisations to collect and use personal data for business and other purposes are balanced against the right of individuals to have their right of privacy, in the form of their personal details, respected.
POPIA applies to a particular activity, i.e. the processing of personal data, rather than a particular person or organisation. Therefore, if you process personal data then you must comply with POPIA and, in particular, you must handle personal data in accordance with POPIA’s data protection principles.
Therefore, if you collect or hold information about an identifiable individual or if you use, disclose, retain or destroy that information, you are likely to be processing personal data. The scope of POPIA is very wide and it applies to almost everything you might do with an individual’s personal details including details of your employees.
Essentially, POPIA:
It should be noted that POPIA applies to:
The term “processing” in terms of POPIA has a very wide meaning. It is intended to cover any conceivable operation on data, ranging from collecting, recording and holding, to the subsequent disclosure and eventually destruction of data. Going forward, it is of the utmost importance that any responsible party should review, on a regular basis, its data processing activities. In particular a responsible party i.e. an organisation should form a view and take steps in order to:
It is always important to note that your organisation’s duties under POPIA apply throughout the period that the organisation is processing personal data and so do the rights of individuals in respect of that personal data. Therefore, an organisation must comply with POPIA from the moment it obtains the data until the time when the data has been returned, deleted or destroyed. In addition, the duties extend to the way the organisation disposes of personal data when it no longer needs to keep such data. Data must be disposed of securely and in a way which does not prejudice the interests and rights of the individual concerned.
It is important that every organisation understands at minimum the following about POPIA compliance:
This overview is intended to assist you in understanding the process of implementing POPIA compliance in your organisation. Information control is central to creating an environment in which POPIA processes and procedures may be successfully implemented and its principles maintained in your organisation.
Our services include:
Werksmans advises clients on all aspects related to data privacy and protection.
Unlocking the WHY, THE HOW & THE WHO Of The Protection of Personal Information Act (POPIA).
Compliance With POPIA – Data Protection and Privacy
Find out more
Time to focus: POPIA following on the heels of the coronavirus
Find out more
Werksmans POPI e-learning Course
Sign up now
NEWS / Legal Brief
Blackouts, further tariff hikes point to ‘inevitable’ financial distress for SA businesses this yearNEWS / Legal Brief
An exercise in Restraint of trade agreements, what not to do!NEWS / Legal Brief
Crypto asset regulation gaining traction in South Africa