With an increasingly connected world, protecting personal information and data is crucial to any business. The POPI and GDPR Act have similar definitions, conditions and principles, with the GDPR being more extensive.
The Protection of Personal Information Act is a legislation designed to protect any personal information which is processed by both private and public bodies. As South Africa’s main protection law, Protection of Personal Information (POPI) is in place to ensure that every person who collects, stores and otherwise modifies or uses information is held responsible. Should companies or individuals not adhere to the policies in place, measures will be taken against them and they will be held accountable for any private or sensitive information at risk. POPI’s penalty for organisations that do not comply is a fine of up to R10 million or 10 years’ imprisonment.
The General Data Protection Regulation (GDPR) set out to give citizens more control over their personal data. The laws and obligations around personal data, privacy and consent are designed to reflect the digital world we live in. The GDPR applies to any organisation operating within the EU as well as any organisation outside of the EU which offer goods or services to customers or businesses in the EU. This means that South African organisations are affected and need to comply and conform to the legal framework to adhere to the GDPR.
The goal is for organisations to understand how valuable personal information is and what an asset it is to the organisation. It is their duty to protect said information.
The South African Information Regulator will start monitoring and enforcing the POPI Act to enhance cross-border cooperation and international harmony.