Businesses in South Africa have historically collected, processed and often shared clients’ information freely, without too many regulations or rules applicable to this process. As a result, the general consumer has been blissfully unaware that his or her personal information would be stored on a central database for everyone to access within the organisation and for any reason. Large companies have also shared or even sold client databases for a profit as client contact information is key to the marketing efforts of such companies. Annoying cold calls have become the norm and marketing companies are constituted specifically for the purpose of phoning one person after another from a database or list which it has been given.

With the ongoing development of the internet and the massive increase in numbers of users of either the Microsoft Operating Systems or the Apple Operation Systems, people’s information is now floating around in a cyber space over which very few organisations have control. Businesses have been forced to allow operations from employees’ homes due to the Covid 19 “New Normal” which means that even more information is shared electronically than ever before.

The USA and Europe introduced stronger Privacy Laws some years ago and South Africa has now joined this club with the introduction of the POPI Act which will become fully operational in July 2021. As with the US and European GDPR Policies, South African organisations will all be obliged to review the way in which clients’ information is collected, where it is processed and importantly – what is done with the information. Clients’ Consent must now be obtained by companies and the reasons that the information is being collected must be clearly explained within the documents signed by the clients. All companies must relook its internet and cyber security policies as well as introduce rules for employees when such employees engage with clients.

In terms of the POPI Act, businesses must develop and implement a Privacy Policy by no later than 1 July 2021 and such Policy must be accessible to the businesses’ clients (on the website) as well as mentioned in the businesses’ standard documentation. Businesses which historically used lists of contact numbers and emails to market directly to people must relook its’ “cold calling” tactics and must educate its employees regarding the parameters of such direct marketing in line with the POPI Act Regulations

As Privacy compliance ties in with a business’s credibility, non compliance with the POPI Act and Regulations may lead to reputational damage or consequences.

It is therefor advisable for all businesses to start the process of reviewing its current Privacy Policy or developing a new Policy to ensure that it is set and ready for 1 July 2021, especially if the business deals with clients from any of the EU countries or the USA in which event there may be a need for a GDPR Policy or integration between the EU GDPR and the South African POPI Act.

Contact a specialist for assistance and advice.