POPI Act in South Africa – As of the 1st of July 2021, all South African companies need to be POPIA compliant. The operative provisions of the Protection of Personal Information Act (POPIA) came into effect as of 1 July 2020, with a grace period of a year in which companies must ensure that they are actively compliant.
If your company is not yet POPIA compliant please see the checklist below of how you can ensure your website is POPIA compliant within South Africa.
Please note that the checklist below should in no way to be construed as a substitute for seeking legal advice to ensure that your business is fully compliant with the requirements of POPIA. The list below is a general checklist that you can use as a useful guide to help you on your way:
- First off, here is a general checklist from BusinessTech.co.za of everything you need to know about POPIA within South Africa.
- All information about a user can only be taken or used with the user’s consent. For example, if a user fills out a contact form and then gets added to a mailer without their consent you are violating the POPI Act. The user needs to be asked, ‘Would you like to be added to our Newsletter?’ If they choose to say yes, then it is by consent that you can now send them regular business newsletters.
- When you receive a user’s personal information, even after they have granted you consent of their personal information, this by no means allows you to sell or share their information with any other individuals or businesses. Sharing others’ information is a violation of the POPI Act, as they have only given you consent to use their information in your personal capacity.
- All users have the right to extract their information from you at any time, even without notice. You could use an ‘unsubscribe to newsletter’ type function for this regarding newsletters, and if a client emails you directly to delete all their information, you must do so immediately and without argument.
- If you are looking to get information out of a user, using a website form for example, the user needs to know exactly what their information is going to be used for. This is why your terms on your website is of utmost importance. You should provide a detailed description of how their information will or will not be used. In addition to this, you should inform them that they have the right to extract their consent at any time.
Please view more about this by following this link: https://www.cookiebot.com/en/popia/
If you would like us to set this up for you and get your website fully compliant with Cookies, follow this link to apply: https://manage.cookiebot.com/goto/signup?rid=E7ELL (After following this link you will find an example of the consent popup at the bottom of the page.)