POPI ACT: PROTECTION OF PERSONAL INFORMATION ACT
Apr 1, 2021
All South African businesses need to comply with this act on 1 July 2021. All companies will need to obtain permission from clients before they can robocall, email, WhatsApp or SMS them.
A company may not sell personal and business information to a third party. Companies have accumulated large data bases of contact details of consumers’ names, ID numbers, cell numbers, emails. These data bases are bought and sold on the open market.
From 1 July 2021 this is illegal.
Business responsibilities towards the consumer:
All opt out options on SMS marketing communications must now be free of charge, and voice calls will still be permissible.
If you close any form of account or a rewards programme, the company must remove and destroy all your data, not only electronically but also hard copies.
Active information of all clients must be stored safely.
Employers will be expected to request permission from an applicant to contact references on a Curriculum Vitae. On resignation, a CV and personal file may only be retained by the company for the purpose it was intended for, if the employee has given consent.Companies are required to have an Information Policy in place and train their employees on the POPIA. An Information Officer must be appointed. There must be a dedicated information storage area. The Privacy Information Policy must be available on the website of the company.