SYNAQ is prepared for the POPI Act

Johannesburg, 22 Jul 2021
Read time 5min 10sec

The landmark POPI Act came into effect on 1 July 2020, which means the grace period (exactly 12 months after the commencement date) ended on 1 July 2021. The deadline was not extended, since the Act was first proposed eight years ago. All responsible parties and operators are now under pressure to ensure their data-processing procedures are compliant with the regulations. 

Let’s take a closer look at the POPI Act, why it makes good business sense and where SYNAQ fits in.

The POPI Act simplified

The Protection of Personal Information Act (also known as the POPI Act or POPIA) was promulgated to protect data subjects from undue exposure of their personal information and any harm that might result from it. It is comparable to the European Union’s GDPR (General Data Protection Regulation), which has been law since 2018.

The Act protects all persons, including people and juristic persons such as companies and trusts. The definition of personal information is broad and covers any information that can be used to identify a person, such as their identity or passport numbers, date of birth and age, phone numbers, e-mail addresses and financial information. Custodians of such information are responsible for collecting, storing, editing, transferring and deleting the data in accordance with the Act’s guidelines.

When someone’s personal information is exposed, they can be harassed, stalked and assaulted; have their identity or money stolen; face unfair discrimination; or receive unwanted marketing messaging (spam). The Act was put in place to prevent these harmful consequences or any other foreseeable risks related to unlawful collection, exposure, deletion or transfer of personal information.

In business, personal information is everywhere. Whether you’re dealing with customers, employees or suppliers, there’s a constant flow of sensitive data in our e-mail correspondence, financial transactions and contracts. This makes complying with the POPI Act and prioritising data privacy a non-negotiable business objective.

Our obligations as SYNAQ

The POPI Act defines three parties – the data subject, responsible party and operator. The data subject is the individual the personal information is about. The responsible party is the one that determines why and how the data is processed. The operator is the third party that processes personal information under an agreement with the responsible party.

SYNAQ is considered a responsible party when we vend our services to direct clients. According to the POPI Act, a responsible party determines the purpose for processing information, what information is processed, for how long and how it’s processed. We are ultimately accountable for ensuring that POPI is complied with by SYNAQ and any operators with whom we have contracts. If any of our associated operators contravenes the Act, SYNAQ will still be held liable by the Information Regulator.

As a provider of business IT solutions to our resellers, SYNAQ can also qualify as an operator under the POPI Act. So in some instances, it is required by law for SYNAQ to enter into a data-processing agreement or clause with responsible parties before processing any personal information. The agreement stipulates how an operator will process the data on behalf of the responsible party without violating the data subject’s right to data protection under the Act.

Operators need to prepare themselves for answering questions from customers about how their data is being used. There are cases where they have an obligation to keep personal information confidential and only process it with the explicit knowledge and permission of the responsible party.

How the Act benefits your business

Many business leaders have dreaded the introduction of the POPI Act because it means they have to drastically overhaul their internal data controls. But that’s only half the story. All the process changes necessary to protect a person’s constitutional right to privacy aren’t just good for the data subjects, they’re good for all. More specifically, they’re good for your business too.

The POPI Act adds value to your business by:

1. Building consumer trust

Customers are more likely to do business with you if they know they can trust you with their personal information.

2. Promoting more ethical business practices

By complying with the Act, you give data subjects back their power over their personal information without impeding business. This creates a culture of secure and ethical data processing across industries over time.

3. Guaranteeing peace of mind

If you comply with all the Act’s requirements, you avoid unwanted surprises and can rest assured that your business’s reputation will remain intact.

4. Leveraging compliance as a differentiator

You can market your business’s solutions and services as 100% POPI-compliant, which gives you a security edge over competitors who have not yet attained compliance.

We don’t compromise on compliance

SYNAQ has been diligently preparing for the POPI Act, because we understand that e-mail is where business happens, with troves of personal information streaming in and out of inboxes daily. That’s why our business IT solutions aren’t just built to satisfy POPI requirements, but to meet global data protection best practices. From SYNAQ business mail to archiving, branding and continuity, our solutions are secure by design – and your business’s best bet for guaranteed compliance and complete peace of mind.

By choosing SYNAQ, you integrate POPI compliance into your own business processes without lifting a finger. Using our solutions make your business processes POPI compliant because they’re intentionally engineered to fulfil the legislation’s data security requirements, which – we’d like to remind you – will soon no longer be an option.

Your trusted and secure business mail partner.

The SYNAQ Team

See also