
POPIA 101

Published: Thu 01 Apr 2021

All businesses with employees, customers and suppliers must comply with POPIA, which comes into effect on 1 July 2021. Here is a practical guide to the most important aspects.

 

With the commencement date of the Protection of Personal Information Act 4 of 2013 (POPI) of 1 July 2021 fast approaching, businesses should be reviewing their use of personal information to determine if it complies with the Act. It is important to understand that any business that has employees, customers and suppliers must comply with POPI when dealing with personal information. Below are a few tips on ways businesses can kick-start their compliance exercise.

 

Figure out what personal information you process and why

 

Under POPI, a business must be able to justify why it holds personal information based on one of the several justifications set out in POPI. This is a good opportunity for a business to assess what information it collects (whether from employees, customers, service providers or other third parties such as credit bureaus) and review whether that information is actually necessary for the purposes for which it was collected. In this regard, minimality is key – a business should not collect more personal information than is required. Importantly, the term "personal information" is defined very broadly to mean any information that can be used to identify an individual person or another business entity.

 

 

Get rid of what you do not need

 

Under POPI, a business cannot keep a record of personal information once the reason for which it was collected no longer exists, unless required by law.  For example, unless required by law, a business should not keep personal information of any former supplier when the relationship has ended.  Businesses should therefore check whether they are holding onto any old records of personal information that they no longer need and dispose of them in a secure manner.  It is important to note that more data means more risk and it is best to purge what is not required.

 

Look at security

 

Correct management of personal information means appropriate security must be in place to protect it. POPI requires a business to put in place "appropriate, reasonable technical and organisational measures" to prevent loss, theft, or damage to personal information.  The suitability of security measures will depend on the business and the type of personal information it holds.

 

Marketing

 

Opt-out marketing emails and SMSs are a thing of the past under POPI. Unless a person is an existing customer, a business cannot send him or her marketing emails or SMSs without first getting consent from the person. Any request for marketing consent must include language that is set out in Regulations to POPI. Businesses should therefore review their direct marketing practices.

 

Go for the easy wins

 

POPI compliance may seem like a daunting task but there are some "easy wins" when it comes to compliance.  Basic documents used by the business will likely need updating for POPI compliance. These include company privacy policies and employee and supplier contracts. All these documents should aid the business in proving its compliance with POPI.

 
Source: by Wendy Tembedza from Webber Wentzel
 
Copyright © Insurance Gateway (Pty) Ltd 2004 - 2021. All Rights Reserved.