With the Protection of Personal Information (POPI) Act still on billboards and in the news, most business owners are aware of it but they are still unsure of whether they are processing personal information lawfully.
You might think, “How am I going to do what the POPI Act requires from me and grow my business at the same time?”
This is not only possible, but it’s not as hard as many business owners think.
Where does my compliance begin?
Businesses need to work systematically through their processes and systems to determine if they are processing personal information lawfully and they must ensure they comply with the following conditions:
- Ensure you get consent to process the personal information.
- If you process the personal information, it must be in line with concluding a contract.
- You can process personal information if it is required by an obligation imposed by law.
- The data subject’s personal information can be used if it is processed to protect a legitimate interest of the data subject.
- If you need to use the personal information of the data subject to perform a public law duty.
- If the business or third party has a legitimate interest to process the data subject’s personal information, they can continue to do so.
These conditions are intended to be easily implementable and can be found in the normal business practice. It will also give you the confidence to use the personal information you as business owner acquired and have the ease of mind to prosper and grow your business.