We’ve all fallen victim to unsollicited emails, phone calls and mail even though we were sure we ticked (or unticked) the right boxes. But there is hope. POPI (South Africa’s Protection of Personal Information Act) will come into effect in the next two years, meaning digital marketers and the brands they work with need to start preparing now to deal with the changes.
Current South African law stipulates you can contact whoever you want through digital channels, such as email or SMS, until they tell you to stop. However, POPI will turn this on its head by changing the digital marketing model from an opt-out form of consent to an opt-in one.
This is not necessarily a bad thing for brands because they’ll likely end up with smaller contact lists, but of higher quality, because consumers have chosen to invest in them and have a vested interest. But if you are in the business of buying and selling leads, POPI may be more troublesome, as you will effectively need double consent from consumers: To sell their info and to provide it to a third party who would then contact them.
Start preparing now
While POPI is still roughly two years away from full implementation, digital marketers and brands can still make moves now to ensure they are prepared for the transition.
Two important notes for brands: Firstly, customer consent must be voluntary, specific and informed, and if their saying ‘no’ means they don’t have access to a service, then that becomes extortion. Secondly, you need to get consent from your current contact lists, unless you told them they would be marketed to and there is always an unsubscribe option available. Also crucial to note is there’s a big difference between unsolicited digital marketing and your consumers signing up for your newsletter. They have already given their consent for the latter.
The POPI Act provides eight information protection principles to govern the processing of personal information.
People often provide information for one reason and do not realise that it may be used for other purposes as well. Therefore POPIA prescribes eight specific principles for the lawful processing and use of personal information. In a nutshell, the POPIA principles are:
So, whether one has totally embraced POPI or not – or truly understands the legal responsibilities it enforces upon businesses and organisations, there is no denying it has altered the scope of data protection, management and governance in South Africa.
Daniel Gross – CEO