How remaining sections of POPI Act are going to affect the way we work

As many companies are trying to come to terms with operating within the COVID-19 parameters, the announcement by the Presidency in June regarding several of the remaining sections of the Protection of Personal Information Act (POPIA) becoming enforced, may have gone amiss.

There are a number of additional sections that have been added and will come into effect.

Anelda Dillon, Senior Consultant at Bizmod, says these additional sections will no doubt influence the way we work going forward and the way that businesses operate. COVID-19 has already significantly changed the way we work by increasing remote working, and we expect that for many, this will continue to be a norm for some time still.

For organisations, this means they need to prioritise a plan to focus on data access, information security and data management. In addition, the behaviour of employees has and will need to continue to change as engagement becomes more remote. “This means that people’s privacy needs to be respected at all times without jeopardising the information protection controls that will need to be put in place,” says Dillon.

Organisations need to be aware that information privacy is more than compliance to the POPI Act, as there are additional industry-specific regulations and standards that need to be onboarded within organisations.“The onus is also on the business to be aware of any protocols required by different countries if operating across borders,” warns Dillon.

Dillon provides the below tips for organisations to ensure sustainable compliance:

• For all sections of POPI to be successfully implemented, the buy-in and commitment from the leadership team is integral.
• The Information Privacy Officer should be able to hold Deputy Information Officers (heads of business responsible for information protection in their areas) accountable for their departments and business unit’s compliance.
• Functional and user-friendly processes and technology platforms and systems need to be created and implemented.
• Creating aligned approaches across the organisation, especially relating to direct marketing, data subject, incidents and breaches.
• Customer and third-party engagement strategies will need to be redesigned to meet the new requirements.
• Alignment throughout the business, especially when it comes to big corporations comprising of multiple business units, departments, additional legal entities and branches.
• Constant communication enforcing a culture of awareness and commitment to the safeguarding and protection of personal information.

“Many companies will be faced with the challenge of fostering a culture where employees feel connected while still adhering to the information privacy requirements,” says Dillon. “Companies are going to become increasingly reliant on the integrity and establishment of trust with employees when working offsite and being required by law to protect information.”