Legal has been saved
Article
Legal
The Protection of Personal Information Bill
With the promulgation of the Protection of Personal Information law imminent and the need for organisations to undergo privacy compliance journeys, it is important that organisations understand the basic principles of protecting personal information according to the forthcoming law.
The Protection of Personal Information Bill
Protection of Personal Information or Data Privacy are terms that many South African organisations are only beginning to encounter. With the promulgation of the Protection of Personal Information law imminent and the need for organisations to undergo privacy compliance journeys, it is important that organisations understand the basic principles of protecting personal information according to the forthcoming law
Protection of Personal information Bill (PPI) will bring South Africa in line with international data protection laws and at the same time will protect personal information collected and processed by public and private organisations.
Personal information privacy presents a growing challenge as organisations must adapt and comply with complex international laws on how they handle personal information. The Bill requires organisations to establish appropriate policies and procedures to protect the various forms of data that are part of their business operations.
Understanding the importance of PPI
If you process information such as names, addresses, e-mail addresses, ID numbers, employment history, health data that are associated with an individual; or if you outsource your data to third parties, your organisation will have to comply with PPI. All organisations have personal information about shareholders, employees, customers, suppliers so PPI affects every area of your business.
Organisations need to consider:
- The limited time to comply
- The Bill should become an Act in the next three to six months. Business will be given a year to comply, but the full compliance procedure could typically take up to three years.
- International privacy laws
- Several countries already have strict privacy laws. If your organisation is doing business internationally, they are probably already in breach of the privacy laws in those countries.
- System changes: these changes often require reloading or rearrangement of information. This may be an opportune time to implement aspects of PPI.
- Non-compliance with the provisions of the Bill may result in criminal fines, civil liability and complaints to the regulator.
Identifying value-adds beyond minimum compliance
Organisations can gain significant business performance improvements by approaching the Protection of Personal Information Bill as a strategic opportunity rather than a compliance cost. There are advantages to be gained within a company, for example:
|