Source: Gary Alleman, Bizcommunity, 31 May 2021, photo credit: Vision Magazine online
With a month to go before the Protection of Personal Information Act (PoPIA) comes into effect on 1 July, companies that have left their compliance program to the last minute may well miss the deadline for compliance.
One clear lesson to take from the GDPR experience is that a clear plan and roadmap for compliance is essential.
If you have just started, then here are five concrete steps to take in the next month. The Act is written in relatively plain language and you should be able to understand the basics from reading through it. As you read, remember that the intention of the Act is to protect the rights of your customers, staff and suppliers, not to destroy your business.
In most cases, what the Act is proposing is common sense – ensuring that sensitive data is not abused and that you use it for the purpose for which it is intended. Increasingly, consumers are preferring to deal with companies that take their rights and needs seriously, so PoPIA compliance can even be a competitive advantage. Of course, if you are unsure of a detail, it would make sense to reach out to your legal advisors for advice.
You may also want to familiarise yourself more broadly with the principles of data privacy, for example by taking our online Data Privacy and Protection Fundamentals Course.