Organizations subject to the Protection of Personal Information Act (“POPI Act“) (also called POPIA) have until July 1, 2021, to fully comply with this new South African privacy law. As the deadline is steadily approaching, organizations must be ready to comply with POPI Act’s eight conditions for lawful processing. Fortunately, VeraSafe can help you make POPI Act compliance easier by breaking down each condition into manageable, actionable segments. In this post, we’ll focus on how to address ‘openness’ – the sixth condition for lawful processing.
Use Your Privacy Policy to Meet POPI Act Section 18 Requirements
Openness requires that organizations be forthcoming and transparent about their privacy practices. In particular, Section 18 of POPI Act requires organizations that collect personal information to take reasonably practicable steps to ensure that individuals are aware of certain information, such as:
- the personal information being collected;
- the purpose of such collection;
- the law authorizing or requiring the collection of information, if applicable;
- the name and address of your organization;
- the consequences of failure to provide the requested personal information;
- whether the supply of personal information by the individual is voluntary or mandatory; and
- who will have access to the personal information.
This can be achieved in many different ways, such as on-site notices, “just in time” notices, consent forms, and so on. However, the simplest way to fulfill the requirement is by maintaining a compliant and comprehensive privacy policy. That is why VeraSafe has created a POPI Act Privacy Policy Checklist, available below.
What Is a Privacy Policy?
A privacy policy (sometimes called a “privacy notice” or “privacy statement“) is a statement that describes how an organization collects, uses, discloses, and manages personal information. The POPI Act requires various disclosures that organizations are obligated to make to the natural and juristic persons whose personal information they process. These disclosure requirements are summarized in VeraSafe’s POPI Act Privacy Policy Checklist.
VeraSafe’s POPI Act Privacy Policy Checklist
To help accomplish the objectives of Section 18 of POPI Act, we developed a POPI Act Privacy Policy Checklist – which you can now access for free! We encourage you to become familiar with Section 18 of POPI Act. Use our Checklist as your starting point for drafting or updating your privacy policy in compliance with POPI Act.
Need a POPI Act Expert?
VeraSafe’s comprehensive POPIA Compliance Program offers a complete solution to help you comply with the POPI Act. We can help you determine how and if the POPI Act applies to your organization and, if it does, prepare a plan of what is needed to meet the POPI Act obligations. VeraSafe pairs your business units and in-house attorneys with our specialized South African privacy attorneys, information security experts, and project managers, providing you with a holistic approach to compliance.
Visit our POPIA Compliance page for more information on the key elements of VeraSafe’s POPIA Compliance Program, or contact one of VeraSafe’s privacy experts today for a free consultation.
