With the implementation of the Protection of Personal Information Act, 4 of 2013 (“POPIA”) looming, it is crucial to determine whether your Company is POPIA complaint.
The crux of POPIA
There are broadly four aspects of POPIA that need to be considered in order to determine whether your Company is required to be POPIA complaint and whether it is in fact complaint therewith. The four aspects of POPIA that need to be considered include:
- Is the information being processed Personal Information in terms of the definition of Personal Information in section 1 of POPIA?
- Is consent of the Data Subject required for such processing and if so, has it been obtained in terms of section 11 of POPIA?
- Has the Personal Information been collected directly from the Data Subject or are the exceptions contained in section 12 applicable?
- The Data Subject must be informed of, inter alia, the purpose of the collection of the Personal Information unless the exceptions in terms of section 18(4) are applicable.
Although all Companies will have one year after POPIA comes into force to ensure that they are complaint therewith, it is advisable to now already determine whether your Company is non-compliant with POPIA in order that the necessary measures can be put in place to ensure that once POPIA comes into effect your Company is complaint.
These are just a few important aspects regarding the application and import of POPIA that need to be considered.
Should you require further information on POPIA or to determine whether your Company is complaint therewith or any related aspects, please feel free to contact Goldberg & de Villiers’ Corporate and Commercial Law Department on 041 501 9806 for personalized corporate and commercial law advice.