This is a question that numerous business owners commonly ask throughout different sectors in South Africa. More often than not, the answer would be a quick yes, but let’s look at what approach business owners can take when establishing whether they need to comply with the act.
The Protection of Personal Information Act applies when your business is registered and has an address within the Republic or if your business has a foreign address, but you process information within the Republic.
It is mandatory for a company to have all the necessary procedures in place when the company processes the personal information of its clients, employees, or service providers.
Public and private sector companies must adhere to the rules set out in the POPI act.
To outline the above-mentioned, every business owner should ask themselves the following five questions to establish whether they need to comply with the POPI Act:
- Is my business registered within the Republic;
- Does my business process personal information in the Republic;
- Do we process the personal information of our clients;
- Do we process the personal information of our service providers;
- Do we process the personal information of our employees?
If your answer is yes to one of these questions, your business must comply with the POPI Act. When a business fails to comply with the Act’s regulations, the responsible party is guilty of an offence and liable to a penalty, as the Act states.
For more information on the requirements imposed by the Protection of Personal Information Act, please contact your nearest SEESA office for professional legal support. Alternatively, leave your name on our website, and a SEESA representative will contact you.
About The Author:
Hugo Roux is a Consumer Protection and POPI Legal Advisor at the SEESA Pretoria branch. He completed his LLB degree through NWU PUKKE and worked in practice for three years.
Resources:
- Section 3 of POPI Act – Application and interpretation of Act.