Businesses should embrace Popia as a ‘positive’

The Protection of Personal Information Act (Popia), which came into effect on 1 July, removes the administrative barriers that can hamper international business and positions SA as an appealing destination for foreign investment due to proper data regulations being in place.

In a Mail & Guardian analysis, this is the argument by Greg Chen, founder and chief executive of mobile marketing company Mobiz, in a Mail & Guardian analysis.

‘However, many businesses and marketers are still delaying the process of implementing the new legislation and are unsure of how to comply with the Act,’ Chen writes. ‘Although the Act introduces additional requirements that businesses must comply with, it should be viewed as a positive step for South Africa. The global shift is bringing clear alignment with direct marketing consent and data-protection policies. With the demise of third-party data sharing to protect consumers’ privacy, legislation such as Popia is becoming more relevant and necessary.’

He says because the Act’s scope is broad, there are specific conditions in the Act that deal with direct marketing communications, which many businesses struggle with when ensuring they remain compliant. Chen provides practical steps for businesses to take to ensure compliance with direct marketing.

  1. Establish a data rights procedure – If a business holds someone’s personal data on file, that person is a data subject whose rights must be respected in accordance with Popia. All data subjects have the right to access, correct or request to delete their personal data;
  2. Ensure a privacy policy is in place – A privacy policy is a public-facing document that tells customers (or anyone else) what you do with personal information. It is advisable to approach a legal specialist to draft proper consent forms, notices and privacy policies in line with Popia;
  3. Review your marketing contact database – Any recipient of a company’s marketing communications must have voluntarily opted in to communications, must be contacted for a specific purpose and must be informed about the type of communication they will receive. When collecting personal information, this should also include a link to the company’s privacy policy;
  4. Alternatively, recipients could already be existing customers if the company is marketing products or services that are similar to those offered when the company first acquired their personal details. With each new marketing e-mail sent, customers must have the option to unsubscribe; and
  5. Continuously update databases with customer preferences.

You can find the full Mail & Guardian analysis here