POPI compliance remains a challenge for many SA businesses
South Africa’s Protection of Personal Information Act (POPIA) officially came into effect in July and many businesses are still facing compliance challenges in how personal information is stored and processed.
According to Sameer Kumandan, Managing Director of SearchWorks, South Africa’s largest innovative data aggregation platform, businesses should have already analysed their internal policies, processes, and procedures, and aligned them to the most applicable data privacy standards in the POPI Act. “It’s also crucial that organisations understand the role their business has as either a responsible party or a processor as well as ongoing training to ensure all areas of the business are POPI compliant.”
The POPI Act’s purpose ensures that the right to privacy is taken seriously and includes a data subject’s right to be protected against any unlawful collection, retention, dissemination and use of their personal information. These rights are subject to justifiable limitations, including balancing the right to privacy against other rights, particularly the right of access to information.
“From a technical perspective, businesses should consistently ensure the security of their IT environments to prevent data leakage. This is in addition to ongoing reviews of how information enters and exits the organisation and the impact of this on day-to-day business activities,” notes Kumandan.
As South Africa’s largest innovative data aggregation platform, Kumandan says SearchWorks began its formal data privacy journey in 2019, allowing SearchWorks to have a steady, engaging compliance program that managed the impact for all clients while still achieving all necessary privacy objectives. “As SearchWorks has been dealing responsibly with data, and its retention and being subject to audits by the NCR for a number of years, there were no major new rules to implement ahead of the July POPIA deadline.”
He adds many businesses are currently wrestling with regulations enforcing informed consent, how to handle a breach should one occur, the rights of access to personal information, how to handle consumer queries and staff training, and how designate the role of official information officer.
“SearchWorks allows users to perform live, credible individual, company, and property searches via more than 160 different search types. Businesses can rest assured that the privileges and rights of all our consumers have been a high priority for SearchWorks and will continue to be dealt with in a responsible manner, says Kumandan.
While there may be some residual challenges for organisations to iron out, Kumandan says the act is a welcome development as it allows a greater sense of ownership for the data subjects for the validity and use of their data, as well as a far greater onus of responsibility for both responsible parties and operators. “POPI compliance can assist businesses of all sizes build a more trusting relationship with customers, and the public more generally. As consumers become increasingly concerned with how their data is handled, demonstrating transparency and responsibility makes good business sense.”