With less than 80 days until PoPIA takes effect, mitigating risk is now an urgent priority

The Protection of Personal Information Act (PoPIA) comes into full effect 01 July 2021. This date should come as no surprise to anyone or any business, as we have all had a year to come up to speed. However, in reality many organisations are finding themselves scrambling with less than 80 days to go. The legal compliance landscape as a whole is challenging to come to grips with, which is where Temporary Employment Service (TES) providers can offer assistance. Ensuring your TES provider is PoPIA complaint will make at least the staffing aspect of the business compliant, leaving businesses to focus on other core areas that may need to be urgently addressed.

Penalties for non-compliance

Businesses have been struggling not only with PoPIA, but legal compliance in general. The legislative landscape changes constantly, and without dedicated resources to ensure compliance, businesses may be unaware that they are at risk. The reality though is that ignorance is no excuse in the eyes of the law, so should businesses be in breach they are still liable for the consequences.

The penalties of non-compliance with PoPIA can be severe, ranging from fines up to R10 million for serious offenses to jail time of 10 years. Businesses need to appoint an information officer tasked with compliance, who will be registered with the information regulator. Should there be a compliance breach that needs to be investigated, the information officer will be the go-to person.

They will also be the one who could potentially face the consequences should it be proved that the breach resulted from lack of due effort, or from negligence on the part of the business. Should the company not have an information officer, then the CEO or MD will face the blame. 

Recovering from Covid

As the economy begins its recovery after the Covid-19 lockdowns, businesses have begun hiring again. What they need to always bear in mind is that PoPIA is a broad-ranging legislation, and it encompasses every element of business, including staffing and hiring. From recruiting candidates to the way information is handled, including employee, supplier and third-party data, and the IT systems that process it, everything must be PoPIA compliant.

Compliance is not only the hugely publicised data breaches, it goes right down to the filing systems, how paperwork is retained and destroyed, who has access to it and more. PoPIA also requires businesses to disclose what information is being gathered, for what purpose, and how it will be stored. The definition of personal information is also broad, including signatures, medical history, ID number and even employment history. When it comes to staffing, this particular area also incorporates numerous other laws and legal requirements, making it challenging for many businesses to get to grips with.