POPI
 

The Protection Of Personal Information Act

What is POPI?

The Protection of Personal Information Act (POPI) is new data protection legislation that was approved by the South African Government in 2013. The legislation was put in motion with the introduction of the Information Regulator in 2017 and will fully take effect towards the end of 2018.

POPI supports the Promotion of Access to Information Act of 2000 and compliance by public and private bodies will be monitored and enforced by the Information Regulator. Another responsibility of the Regulator is to issue codes of conduct for the different sectors and to make available guidelines to assist these bodies with their development and application of these codes of conduct.

How will POPI affect my business?

Businesses of all sizes will need to prepare for POPI and be able to demonstrate compliance. Focus will fall on the transparency that businesses will need to provide to the enforcing authority, namely the Information Regulator

The main data protection regulations that businesses will need to be aware of are:

  • Transparency and accountability of the purpose for which data is gathered

  • Harsher penalties for noncompliance

  • A requirement for increased auditing and reporting

  • Increased responsibility placed on data processors

  • Increased individual rights i.e. the right to be forgotten and subject data requests

  • Extraterritoriality

The cost of non-compliance

The Information Regulator will be the regulatory body that enforces POPI in South Africa. One of their functions is to administer fines for non-compliance. The fines can be substantial under POPI and can reach up to R10 million, imprisonment up to 10years, or both.

Expertise

How Redstor can help?

Redstor are ISO 27001 and 9001 certified and have almost 20-years’ experience in managing and protecting data across multiple platforms for organisations of all sizes, from Enterprises to SMEs to schools. Redstor have designed and implemented well-documented data protection policies that ensure all aspects of the Protection of Personal Information Act are upheld with regards to backup data and working with data processors.

Redstor have the ability to give insight into the data organisations have on their networks, advise on best practice to protect data and then implement strategies around backup, archiving and disaster recovery.

 

Have a question about POPI?