
Not the time to smell the roses

NADIA VERAPPEN, Compliance Officer, Compli-Serve SA

The POPI Act represents a very serious shift in financial services and beyond. Hardly a time to smell the roses – or rather the ‘poppies’ in this instance – the Protection of Personal Information Act demands attention and lays down the rules regarding the way businesses will manage, handle and use information. Though we are still waiting for an enactment date, the Act sets out some very serious rules, flagging how essential compliance will be. It’s better to avoid becoming complacent while waiting for POPI to bloom, so here are some important reminders, particularly for FSPs.

Finding a balance

The Act compels businesses to recognise the importance of data privacy, and to strike the delicate balance between safeguarding personal information and allowing for the free flow of information as required in business processes. The socialisation of POPI within a business is essential to address. A breach may well occur as the result of human error, due to negligence or a general lack of understanding. To mitigate this, management and training need to take place, and then be repeated. Focusing on having the correct data, stored in the correct place, for the correct reasons, accessible by the correct people, is the best approach to follow when dealing with personal information.

It will cost if you fail to comply

The Information Regulator may order financial compensation to data subjects for any damages they may suffer as a result of a breach. Possible punitive measures for non-compliance include a fine or imprisonment – either a fine of between R1m and R10m, or one to ten years in jail, depending on the severity of the offence.

Businesses may also suffer reputational damage for breaches or non-compliance, the cost of which cannot be precisely measured, and the effects may linger long into the future. But the effort is not futile, as the Act focuses largely on the concepts of reasonability and practicality.

While it will be impossible to keep all information secure all the time, one is required to take all reasonable measures to ensure that data is protected and handled in accordance with legislative requirements.

Doing right by data

POPI compliance may seem daunting now, but businesses should remember that data protection is the right thing to do for all parties involved.

By recognising the importance of data protection, South Africa not only positions itself in line with global standards, but also remains lucrative for foreign investment.

Space to grow

Putting data safety first in turn provides an opportunity for businesses to exhibit good governance and to grow their market share by demonstrating their commitment to data privacy. As consumer – and consequently data – protection increasingly becomes the central goal within financial services, it’s best to sow the seeds you can now for compliance success ahead.
