POPI and what it means for publishers

Earn double commission with Zando in April and May!
3rd April 2018
Interview with Warren LaRey, Faithful to Nature
19th April 2018
Show all

POPI and what it means for publishers


The protection of personal information is a very important issue in South Africa and around the world. POPIA, the Protection of Personal Information Act was drafted in 2013, signed in 2016 and should be implemented sometime in 2018. Most publishers and advertisers have started their preparation in order to comply with the Act. Europe updated their data protection recently and the new regulation, European Union’s General Data Protection Regulation (GDPR), will take effect on May 2018. As a publisher, what do you need to know about POPI? Will the European GDPR affect your work and business?

What is POPI?

POPIA is the Protection of Personal Information Act. It was enacted in 2013 to protect personal information and privacy. POPI is not yet effective and will only be once the Information Regulator is operational, which might be some time in 2018. The start date for POPI has not yet been given to the public, but there will be a grace period of one year from the start date.

The POPI Act defines how personal information should be processed and anybody storing and using personal information should be aware of what the Act entails: employers, banks, companies who store their client information, advertisers, and publishers who have email databases.

POPIA touches on the following points:

  • Technology (how the information is stored): the way the information is being secured, and who is allowed to process the information (only authorised and necessary personnel may see and use the information)
  • Usage of information: personal information should only be used for the purpose agreed by the customer or employee
  • Unsolicited emails or marketing messages : they are forbidden unless certain provision apply – opt in/opt out strategy have to be implemented
  • Retention of information: personal information can only be retained for a necessary and specified amount of time

What can you do as a publisher to become POPI compliant?

  • Read the information available on the POPI Act
  • Show a clear and easy-to-understand privacy statement and explain how you will use personal data
  • Provide a clear choice to customers when deciding if they want to opt-in for communication (explain what it entails and for what products, add a tick box for example)
  • If you buy and sell leads, you will need a double opt in: one to sell the consumer information and one to provide the information to a third party
  • Email database: if you already have a database, not opted-in, you will need to ask your base’s consent in order to carry on sending third party messages
  • Clean your Data: take away unresponsive users and the ones who did not opt-in
  • Make sure that an unsubscribe button is always present on your email communication
  • SMS: you will need to ask for permission to send third party information (at the moment, SMS work on an opt-out basis and publishers can send SMS until the user opts out)
  • Make sure your data is well secured and not accessible by cyber criminals or unauthorised employees
  • Keep records on how the information is processed (contact opts in, emails sent to contact, contact unsubscribes)

The new version of POPI’s European counterpart is being implemented from 25 May 2018. The GDPR might affect your business in some way you are not expecting. For example, if you have sold a product or service to a European citizen or have someone working remotely in Europe, then the GDPR will need to be respected. The GDPR, like the POPI act, is on the side of the individual and, gives them the right to know how their data is being used, stored, protected, transferred, deleted, and the right to be forgotten.

As a publisher, if you hold any data from European residents, you will need to apply the new regulations. It is advisable, like for the POPI Act, to get ready and read what will be required. Both regulations are not so different from each other and applying POPI’s requirements should help with the European GDPR.

Caroline Pourteyron – Head of Operations



Comments are closed.