Compulsory compliance with the POPIA act is around the corner. We are busy working with the updated information to get our organization POPIA ready. There has been a lot of movement within the last 6 months, so I decided to create this article with links for you to access more information.
The goal of the POPI Act is to protect data subjects from security breaches, theft, and discrimination. To accomplish this, it outlines eight principles that South African data processors must follow.
Before I continue, I want to mention that the POPIA legislation is different to other acts. It is a principal-based legislation and not a rule based legislation like the National Credit act. There are no “you must or must not” rules to follow. It thus requires thought on how to apply the principles in your organization.
Compliance with the POPIA act will be compulsory from 1 July 2021.
All organizations who process personal information by entering it into a record and who are domiciled in South Africa, or have operations in South Africa, must comply with the act.
As the POPIA act has a direct impact on our business we would like to update you with changes to our data terms.
- Compulsory registration with the Direct Marketing Association
Due to the compliance requirements and risks associated with supplying data. Our supplier has notified us that they will only supply data to registered members of the DMASA.
From 1 July we require all clients that purchase data to supply us with a DMASA membership certificate.
All companies that work with data and direct marketing should be members of the DMASA. As a member you will be able to access additional benefits including the national opt out list. This will be important for ensuring all people that opt out from marketing are removed from your active database.
Register here
To sign up please visit https://www.nationaloptout.org/Members/Join/RegisterCompany
Here is the link for annual membership fees
https://www.dmasa.org/page/member-pricing
If you have any problems registering, please email me and I will connect you with my contact at the DMASA.
2. Data usage
As all electronic communication campaigns require prior opt in consent. We will only provide data for cold calling campaigns.
Person to person campaigns will still be permitted.
The intention of POPIA is to not prohibit the industry but rather regulate it. They want to encourage us to do business differently and be open and transparent.
Register with the information regulator
All organizations that process data must register with the information regulator before 1 July 2021.
The regulator will be responsible for protecting personal information. It will also make decisions about access to information.
The default officer is accountable to the regulator and are the one that the law specifies as being the information officer by default.
For more information about this process, I recommend you read the links below:
Online portal
https://www.justice.gov.za/inforeg/portal.html
Guidance notice on information and deputy information officers
https://www.justice.gov.za/inforeg/docs/InfoRegSA-GuidanceNote-IO-DIO-20210401.pdf
How to register
Direct marketing association POPIA workshop
This is an interesting workshop worth watching. They discuss topics like cold calling and who needs to obtain consent for campaigns.
Conclusion
I am not a POPIA expert but I have shared my knowledge from what I have interpreted and gathered from experts.
I hope you found this article useful. The POPIA act is changing our industry but by embracing it you will be able to put your organization ahead of your competitors well in advance. If you require further assistance I recommend you consider consulting with a POPIA compliance expert to help your organization become POPIA compliant.
Please do reach out if you want to find out about our POPIA compliant data lists for call campaigns.