The Act has been in play in South Africa since 2013 but has only become compulsory to enforce as of 01 July 2021. The POPI Act sets the conditions for responsible parties to lawfully process personal information.
Personal information is described as any information relating to an identifiable natural person or juristic person. This would include information such as name and surname; date of birth; contact details; age etc. The POPI Act is important as it protects people from harm such as identity theft and discrimination.
Each organisation is affected differently by POPI and the results of non-compliance can include fines, imprisonment, and reputational damage. As the Act becomes enforceable in South Africa, organisations are impacted by the way they process personal information, especially special personal information, children’s information, and account numbers.
In order to process information, organisations need to ensure that the following processing conditions are upheld:
- Accountability: All legal entities need to be responsible, accountable and must comply with the conditions of the Act.
- Processing Limitation: All legal entities need to know why they are processing and capturing private information. There also need to be limitations in place as to what information you process and how much there is.
- Purpose Specific: The data must be captured for a specific and justifiable reason and the data subject needs to be aware of this.
- Further Processing: Any further processing or use of information collected needs to be related to the original purpose of the information being collected.
- Information Quality: All information collected must be correct, up to date and not misleading.
- Openness: In order to ensure openness, notifications need to be sent to the party whose information is being captured.
- Data Subject Participation: The party whose information you have, has the right to ask for any data you have about them. They can also request for this information to be deleted.
- Security Safeguards: Firstly you need to identify the data that contains personal information and treat it with care. Secondly, all such information must be secured.
To ensure AltGen remains compliant, we have updated our internal policies and would like to bring the following changes to light:
- PAIA Manual: Our PAIA Manual, also found on our website, outlines how you may access information and who to contact within AltGen. See our manual here.
We also want to assure all our international clients and candidates out there that we are compliant with the GDPR.
AltGen respects the privacy of our candidates and clients. We will always provide you with the option to unsubscribe from marketing communication.
Our Information Officers are Lisa De Sousa and Lané Höll.
If you have questions – we are happy to help, just drop us a line.