POPIA Simplified for Small Business

by | Jun 30, 2021 | Tax

Tags: Tax
Reading Time: 3 minutes
As of 1 July, all South African companies are obliged to ensure that they are fully compliant with the requirements outlined in the Protection of Personal Information Act (POPIA). This obligation started its course in 2013 when Government began exploring the possibilities of introducing conditions on how personal information may be processed. This means that every business, regardless of its size, will now be held liable if they do not attain POPIA compliance. Non-compliance will incur significant fines, lead to reputational damage for your brand and will require businesses to pay out damages claims to impacted customers and even possible jail time for business owners. With the current economic climate, SME’s cannot afford for any of these penalties to happen. With businesses so focused on survival, however, it has become difficult to maintain POPIA compliance.
30-June-Linkedin

When businesses handle data for marketing relating purposes, it is important to remember the following:

  1. Acquire opt-ins from individuals

One of the most critical areas of POPIA is the need to acquire consent before sharing their information, hence making the opt-in approach a non-negotiable tactic. This also applies to how companies are allowed to share the personal information of clients internally.

For small businesses, one of the most effective ways to eliminate issues is to add a disclaimer to marketing and company communications that state why they are collecting information.

  1. Database legality

For companies that choose to buy databases, it is crucial to ensure that they are using reputable service providers to ensure that the individuals in these databases have consented to their data being sold. If this consent has not been given then the database is deemed illegal and both service provider and business can be held liable for non-compliance.

Although the majority of businesses have already been adhering to proper direct marketing practices to ensure quality leads, they need to ensure that all their marketing material has clearly marked ‘opt-outs’.

  1. Gain existing customer permission & protect data

Companies that make use of existing databases should ensure that all data is safely stored and protected. Furthermore, companies should ensure that they are able to declare where data has been collected from. If this is not in place, businesses will be held liable for relevant penalties.

At MMS Group we hold our clients’ personal information in the highest regard and endeavour to protect it whilst simultaneously adhering to all other POPIA compliance requirements. Should you wish to discuss any concerns over how we process and store your information, feel free to contact us.   

Related Articles

New Cryptocurrency rules on the horizon

Apr 13, 2022

The 2022 Budget speech included a very important update on government’s stance on cryptocurrency.  Although recent income tax developments in the crypto space have largely focused on...

Let us assist you with:

Contact Us