Data privacy law is a globally expanding field of law that is increasing in importance as data becomes a highly-valued commodity amid rapid advancements in technology.

 

A relatively young field of practice in South Africa, data privacy law is gaining importance as businesses gear up to the 1 July 2021 deadline for compliance with South Africa's first piece of comprehensive legislation concerned with data privacy and protection, the Protection of Personal Information Act (POPIA).

POPIA aims to give effect to the constitutional right to privacy by introducing measures that regulate every step of how personal information belonging to both individuals and juristic entities is collected, processed and used by both private and public bodies from the moment of collection until the moment of destruction in order to ensure that personal information is processed and managed in a fair, transparent, and secure manner. 

POPIA introduces regulatory changes into the South African business landscape that will have a significant effect on a business’s accountability for the personal information it processes, as well as its business practices, processes, information security, documentation and agreements in almost every industry.

​

Does POPIA apply to your business?

POPIA generally applies to all personal information that is stored in a record. POPIA therefore applies to all businesses that collect, process or manage personal information such as employee information, customer information, supplier information, children’s personal information, health information and biometric information or any other form of personal information regarding a natural or juristic person in South Africa. POPIA will also apply to your business if you collect, process or manage personal information on behalf of third parties.

What do you need to do to start your POPIA compliance journey?

If POPIA applies to your business, you will need to start looking at what steps need to be taken to start your POPIA compliance journey. With the commencement of most of the material sections of POPIA on 1 July 2020, businesses need to become fully compliant. The extent of work needed to become compliant with POPIA, and the length of time needed to do so, will vary from business to business, and primarily depends on the size of the business and the amount of personal information that a business processes.

We are well placed to assist and guide you through your POPIA compliance journey. With professionals experienced in running POPIA implementation programmes, our Data Privacy and POPIA team has the subject matter knowledge coupled with hands-on practical experience to take clients through their entire data privacy compliance journey.

 

Our POPIA compliance and implementation services

​

We assist clients with a broad range of data privacy and POPIA compliance and implementation services, guiding clients throughout their compliance journey. Some of the services we offer include:

​

1. POPIA training and awareness: both for project and management teams starting out their compliance journey and general training and awareness initiatives for employees throughout the business.
 

2. Compliance gap analysis and reporting: performed to determine a business’s initial state or level of POPIA compliance, identify where personal information data sits within the business and reporting on gaps identified.
 

3. Implementation guidance and planning: legal advice and assistance regarding planning and prioritising POPIA compliance and implementation measures.
 

4. Compliance documents and legal agreements: Compliance and privacy related agreements, documents and policies.
 

5. General or ad-hoc compliance assistance: Legal opinions and general advice on aspects of data privacy and POPIA compliance.