Non-compliance will incur significant fines, lead to reputational damage for your brand and will require businesses to pay out damages claims to impacted customers and even possible jail time for business owners. With the current economic climate, SME’s cannot afford for any of these penalties to happen. With businesses so focused on survival, however, it has become difficult to maintain POPIA compliance.

When businesses handle data for marketing relating purposes, it is important to remember the following:

1. Acquire opt-ins from individuals

One of the most critical areas of POPIA is the need to acquire consent before sharing their information, hence making the opt-in approach a non-negotiable tactic. This also applies to how companies are allowed to share the personal information of clients internally.

For small businesses, one of the most effective ways to eliminate issues is to add a disclaimer to marketing and company communications that state why they are collecting information.

2. Database legality

For companies that choose to buy databases, it is crucial to ensure that they are using reputable service providers to ensure that the individuals in these databases have consented to their data being sold. If this consent has not been given then the database is deemed illegal and both service provider and business can be held liable for non-compliance.

Although the majority of businesses have already been adhering to proper direct marketing practices to ensure quality leads, they need to ensure that all their marketing material has clearly marked ‘opt-outs’.

3. Gain existing customer permission & protect data

Companies that make use of existing databases should ensure that all data is safely stored and protected. Furthermore, companies should ensure that they are able to declare where data has been collected from. If this is not in place, businesses will be held liable for relevant penalties.