The protection of personal information is a very important issue in South Africa and around the world. POPIA, the Protection of Personal Information Act was drafted in 2013, signed in 2016 and should be implemented sometime in 2018. Most publishers and advertisers have started their preparation in order to comply with the Act. Europe updated their data protection recently and the new regulation, European Union’s General Data Protection Regulation (GDPR), will take effect on May 2018. As a publisher, what do you need to know about POPI? Will the European GDPR affect your work and business?
What is POPI?
POPIA is the Protection of Personal Information Act. It was enacted in 2013 to protect personal information and privacy. POPI is not yet effective and will only be once the Information Regulator is operational, which might be some time in 2018. The start date for POPI has not yet been given to the public, but there will be a grace period of one year from the start date.
The POPI Act defines how personal information should be processed and anybody storing and using personal information should be aware of what the Act entails: employers, banks, companies who store their client information, advertisers, and publishers who have email databases.
POPIA touches on the following points:
What can you do as a publisher to become POPI compliant?
The new version of POPI’s European counterpart is being implemented from 25 May 2018. The GDPR might affect your business in some way you are not expecting. For example, if you have sold a product or service to a European citizen or have someone working remotely in Europe, then the GDPR will need to be respected. The GDPR, like the POPI act, is on the side of the individual and, gives them the right to know how their data is being used, stored, protected, transferred, deleted, and the right to be forgotten.
As a publisher, if you hold any data from European residents, you will need to apply the new regulations. It is advisable, like for the POPI Act, to get ready and read what will be required. Both regulations are not so different from each other and applying POPI’s requirements should help with the European GDPR.
Caroline Pourteyron – Head of Operations