Due to COVID-19, it almost feels as if the world has come to a standstill, so it is therefore understandable that the POPI Act (POPIA) commencement date was not announced as planned – i.e.  1 April 2020. However, the world coming to a halt is just an illusion as businesses globally are already starting to reopen and the wheels of commerce will soon start turning again – and that one year’s POPIA grace period will still need to run its course.

Pending any further statements made by the Information Regulator we cannot say for certain when the POPIA commencement date will be. But considering that Adv. Tlakula’s term is set to end on 1 December 2021 – it is reasonable to expect that her office would want to ensure that the POPI Act is in full effect by then. Therefore, we could estimate that an announcement regarding the commencement date will take place sometime during mid to end of 2020.

Data privacy during the lockdown?

There is no doubt, we are facing a road none of us have travelled as we navigate the existential threat of Covid-19. The pandemic presents new challenges – not only for global health but for humanity. We each find ourselves treading through this journey without precedent and with few guideposts.

That being said it is also the perfect opportunity for some ‘business’ housekeeping – it is therefore imperative for business owners to use this time to put sufficient systems, processes and measures in place to ensure compliance with the POPIA as, once fully effective, the POPIA will place specific obligations on businesses to process personal information within the confines of its provisions.

Cyber-crime has also risen during the pandemic with many businesses continuing or having being forced to function electronically, even if their operations are severely limited. This comes with its pros and cons.

The pro is business continuation. The con is increased cyber risk.

Caroline Edey-van Wyk, Digital Content Specialist at Investec says, “Remote working has led to unprecedented digital dependency, and this has seen an increase in cyber fraud, with South Africa seeing a surge in digital attacks. Criminals are preying on our vulnerability during the Covid-19 crisis.”

Still, even in these uncertain times, there are ways to ensure that you protect your business and your customers. Get ahead of the issue and do not let your business become a statistic. Covid-19 is one of the greatest challenges we can face; and we will be defined as a generation by how we respond to it. You may not be able to control the global pandemic, but your business can put measures in place to ensure that it continues to operate in a manner that protects its assets.

So, what can you do right now?

You can contact us for a personal consultation on how to ensure that you are POPIA ready.

DINANA REID INC can help your business with four key services to safeguard your business now – and in the future…. This is what you can do:

1. Carry out a risk and impact assessment. POPIA (2013) and the POPIA Regulations (2018) require a comprehensive valuation of the risk of non-compliance as well as a privacy impact assessment. We have extensive experience in conducting both of these assessments which are crucial building blocks to preparing your business for POPIA compliance.
2. Ensure that the legal and compliance obligations regarding your business are covered, this includes making certain that full proof privacy policies as well as terms and conditions for your website are in place to protect your business interests; and equally as important – to protect the rights of your website visitors and customers. With years of cyber law practice behind us – our team has proven themselves to be experts on these policies and can therefore give you specialized guidance.
3. Improve your knowledge by doing an online POPI Act course. Compulsory nation-wide lockdown may have given you some extra time on your hands… so, take advantage of this spare time and sign up to our self-service online training program, “POPI Works” in partnership with Media Works and IACT-Africa. The program is comprised of multiple modules, including a knowledge assessment and certificate of completion. It is easy to use; easy to remember and available on mobiles, tablets, and PCs. We are also able to deliver online webinars. Once we reach the appropriate level of lockdown, we will reinstate our face-to-face classes (safety measures will be in place according to the Covid-19 regulations).
4. And Don’t forget PAIA. The Promotion of Access to Information Act 2 of 2000 (PAIA) is the other side of the POPIA coin. PAIA requires entities (public or private) to have a manual in place that serves as a roadmap on how to request information and records held by such entities. If your manual was prepared before September 2013, it must be reviewed and updated in line with POPIA. PAIA is everyone’s responsibility and not limited to a certain level or job description. Therefore, any person in your organisation that deals with or has access to personal information must be trained on the PAIA and POPIA – you and all your employees should have a full understanding of how to collect data, where to store it, who and under what conditions to grant access to this data.

Remember that business and life will continue after the pandemic – and eventually the POPIA will be in full effect.  If your business does not comply, irrespective of whether it is intentional or accidental, you can face severe penalties. POPIA makes provision for fines of up to R10 million and a jail sentence of up to 10 years, depending on the seriousness of the breach.

In these interesting and unique times that we find ourselves in, it is imperative that you remain in control of what is in your hands. You may not be able to control Covid-19, but you can control how you safeguard your business against it.

Contact us today and we can help you.

Dinana Reid | Lebogang George

Tel:     +27 10 035 3442

EML:    admin@dreidinc.co.za