POPI: Five questions you want answers to

Do you have any questions about the Protection of Personal Information Act (POPI)? We have the answers!

The final compliance date for POPI, which is 1 July, is getting close. We know that it has quite a few rules and regulations to get the hang of. In this article we have compiled some frequently asked questions concerning POPI and answered them for you.

  1. Does every company need a compliance/information officer and how do you register as one?

The short answer is yes, every company needs an information officer who will ensure POPI compliance at all times. You can register as a compliance/information officer online at: https://itirele.justice.gov.za/itirele/Form/IRRTT.SMF.InformationOfficerRegistrationCapture/

  2. Who will be held responsible if a business does not comply with POPI?

As you might know by now, the penalties for non-compliance can be quite severe, varying from financial fines to jail time. As the phrase suggests, the responsible party will be held accountable. This can, however, become tricky, as data usually runs through more than one person and/or process. If one single person can be identified as the offender, they alone will be penalised. If not, the whole business will be deemed guilty of non-compliance and the fines will be decided on accordingly.

  3. Must I report it if an employee’s devices get stolen or damaged? Is that a data breach?

If an employee’s phone, computer, tablet or any other electronic device gets stolen or damaged, you have to look at a couple of factors that come into play. It is only necessary to report a data breach if you have substantial reason to believe that sensitive information could have been exposed to an external party. If the information has been encrypted and you are sure that no one besides yourself could access it, you do not need to worry or report the case to the regulator.

  4. Are we allowed to notify our employees if someone tested positive for Covid-19?

Covid-19 is, like any other illness, a medical condition and therefore technically confidential information, which may not be disclosed to other parties without the patient’s consent. The exception is that it can be shared without their consent if requested by the law or if you signed a contract saying that it may be disclosed on your behalf if you get infected. In most cases, but not all, it is probably allowed to notify the company’s employees if someone contracted Covid-19, and the steps prescribed by the government, like sanitising the building and so forth, have to be followed.

  5. Will the POPI Act’s grace period be extended again?

No, you only have until 1 July 2021 to become fully compliant with POPI as it will not be extended again. If you are still unsure if you should comply, how POPI works, or have any other questions, you can fill in the form below and First Technology will be happy to help you with further inquiries.

Make sure to read our next story about POPI, where a local lawyer helps us by explaining how POPI works in a simple and easy way.

If you’d like to know more and get the easiest solution for your business to comply with POPI, fill in the form below:
