Cybersecurity, privacy and the safeguarding of personal information are now more relevant to clients than ever before, with the remaining provisions of the Protection of Personal Information Act, 2013 (“POPIA”) set to take effect within the next couple of months. In preparation for POPIA compliance, and with the overarching goal of delivering a superior digital experience to our clients and staff, ASL has been working closely with the attorneys at ENSafrica on POPIA compliance, in association with management consultants from Kriel & Co, who continue to pro-actively guide the firm on digital transformation and the practical implementation of POPIA-compliant systems and policies.
A brief overview of POPIA in South Africa and requirements for compliance:
- South Africa has privacy legislation in the form of the POPIA.
- To date, most of the POPIA is still not in force and effect. In Africa, only 15 of 54 countries have some form of privacy legislation in place.
- In the absence of active and adaptive legislation (i.e. legislation that can quickly adapt to changes in technological advancements) the privacy rights of individuals and companies remain at risk.
- POPIA requires that a responsible party (i.e., ASL) must ensure that the eight conditions for lawfully processing personal information are complied with.
- Chairperson of the Information Regulator, Advocate Pansy Tlakula, recently sent a request to President Cyril Ramaphosa to declare that the remaining provisions of the POPIA commence on 1 April 2020 (“commencement date”).
- It is expected that the President will act on the request. A responsible party (i.e., a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information) will then be given a one-year transitional period after the commencement of the Act to comply with its provisions.
- That means that organisations will have to be POPIA-compliant by 31 March 2021. Non-compliance poses a significant threat to organisations, with penalties that can range from 12 months to 10 years' imprisonment for executives, a fine of R10 million, or both.
The steps ASL has taken to date:
- ASL commenced with the necessary steps in 2018 to align the firm’s digital environment according to best practice or ‘privacy by design’, engaging with attorneys and consultants on the matter.
- The firm has subsequently embarked on a digital transformation journey, primarily with an internal focus. Amongst other requirements, the firm updated its Cyber Policy, Privacy Policies and Risk Response with the goal of not merely engaging in a ‘tick box’ exercise for compliance but, more importantly, empowering staff with the right knowledge on protecting client data in any given scenario.
- ASL continues to create internal awareness for digital best practice among staff through internal marketing initiatives, the implementation of improved systems and pro-active testing of our digital environment.
- As of 2020, the firm is in many ways operating as a POPIA-compliant organisation well ahead of official compliance requirements.
ASL’s clients therefore enjoy peace of mind knowing that the firm is committed to delivering a professional service that continues to raise the bar in privacy and the protection of personal information.
Guidance and advice on compliance with the POPIA to ASL clients
The accountability rests on each of our clients to become compliant with POPIA and to take pro-active steps in this regard. Rather than interpreting the POPIA as a threat or a compliance exercise, we invite our clients to consider it an opportunity to discover how their business can transform to deliver a safer and more seamless customer experience.
For a once-off assessment on POPIA compliance, contact us at firstname.lastname@example.org