Last year, President Cyril Ramaphosa declared that by July this year, South African businesses would be required to put necessary measures in place to become compliant with the new Protection of Personal Information (Popi) Act.
The act is to ensure better data and security management as well as accountability on how businesses use public data, bringing South Africa’s privacy laws in line with international standards.
It will also limit how companies use and store data such as customer email addresses (which might have historically been used for direct sales leads or dissemination of company newsletters).
Popi promotes the protection of personal information across the public and private sector. Historically, laws on the use of personal details were less stringent.
With data breaches on the rise, the Popi Act seeks to protect consumers from security breaches, theft, and discrimination.
Based on responsibility, security, and consent, Popi holds all data processors accountable, regardless of the size of their databases. Every business that is online and collecting data from customers is, unfortunately, vulnerable to a cyberattack.
Therefore, small and medium enterprises (SMEs) are not exempt from needing to become compliant.
According to Accenture, South Africa has the third-highest number of cyberattacks, which collectively led to losses of more than R2 billion a year.
Recently, a leading health group fell victim to a sophisticated cyberattack, rendering its systems offline indefinitely.
The ripple effect had a devastating impact on the brand’s reputation and, ultimately, its bottom line. Small businesses are just as vulnerable to cyberattacks as their larger counterparts. Next month, the are expected to have the necessary measures in place to adequately protect themselves and their customers.
The establishment of Popi has seen a mushrooming of related services. Thanks to the laws of supply and demand, small businesses have access to a wealth of information on training and support.
Choose key members of your team and invest in learning and development around the structural implications of the act. Stay on top of developments.
Popi will have a significant effect on the way you are permitted to market your business to potential customers.
For example, customers must express explicit consent to receiving direct marketing communication from your business.
It is imperative that your marketing team – or agency – is well-versed on the implications of the act on marketing strategies.
Consider the appointment of someone who can keep abreast of how Popi will evolve. Outsource the responsibility if you have to.