South Africans will enjoy more data privacy as the Protection of Personal Information Act (PoPI) takes effect on July 1. The data privacy laws offer guidelines for companies to use when processing personal information and the consequences for noncompliance.
The data privacy law balances the right to access information with the right to privacy when public and private bodies process consumer information.
Right under PoPI Act
Once the law takes effect, users will receive information of any of their personal data that companies seek to collect. Further, they will have the right to enquire whether a company has their personal information, and request a copy.
PoPI will give users the right to request the amendment or deletion of their personal data held by companies. Moreover, users can stop companies from processing their data in certain circumstances.
PoPI Act will change how marketers interact with personal information. The data privacy law requires companies to seek consent to use individual data for SMS, emails and automatic calls.
It also offers a guideline on how international firms working with local players must seek consent before accessing consumer data. However, organizations can share data with international players if they prove that it will benefit the user, and it is impractical to seek consent.
Finally, data privacy laws outline hefty fines in cases of noncompliance. For instance, the Information regulator has the power to levy fines of over R10 million ($0.57 million) and pursue criminal prosecution.
Companies will, therefore, have to maintain records of how, when, and where they obtained personal data. Moreover, they will also have to keep records of consent for use, and to what extent.