[vc_row][vc_column][vc_column_text]On Monday 22 June, it was announced that a number of sections of the Protection of Personal Information Act (POPIA) have come into effect. Most of these – which deal with, among others, the conditions for lawful processing of personal information – come into effect on 1 July 2020 with the remaining sections coming into effect on 30 June 2021.

“With the former category of sections,” says Grant Wilkinson: labour lawyer and executive at Global Business Solutions, “although they come into effect on 1 July 2020 organisations have until 30 June 2021 to ensure full compliance.”

However, as ensuring compliance with POPIA is not a quick process, it is recommended that you begin with reviewing and, if need be, altering your data-processing systems sooner rather than later in order to make sure that you don’t miss the deadline.

POPIA’s impact on HR

The most significant aspect of POPIA, which relates to the processing of data related to data subjects, comes into effect on 1 July 2020. “What this means is that information (referred to as ‘data’ in POPIA) that relates to a specific individual (data subject) needs to be handled (‘processed’ in the language of the Act) according to the procedures set out in the Act,” continues Wilkinson.

What this means, from an HR and employment law perspective, is that your employees’ information needs to be handled and stored in such a way that no harm can come to it. For example, you need to ensure that the electronic or manual storage facility where personal information is stored is compromised and it is sold to third parties.

The penalties for non-compliance with the Act are quite onerous. Depending on the nature of the non-compliance, the organisation handling the data on behalf of the data subjects could be subject to:

  • A fine of up to R10 million
  • Imprisonment (of between 12 months and 10 years), or
  • Both

“Besides the fines and potential prison term, if your organisation is found to not be compliant with POPIA you will most likely suffer reputational damage as clients, suppliers and employees will be loath to do business with you as they will be nervous of entrusting you with their personal data,” concludes Wilkinson.[/vc_column_text][/vc_column][/vc_row]