Insights

Legal

The Protection of Personal Information Bill

With the promulgation of the Protection of Personal Information law imminent and the need for organisations to undergo privacy compliance journeys, it is important that organisations understand the basic principles of protecting personal information according to the forthcoming law.

The Protection of Personal Information Bill

Protection of Personal Information or Data Privacy are terms that many South African organisations are only beginning to encounter. With the promulgation of the Protection of Personal Information law imminent and the need for organisations to undergo privacy compliance journeys, it is important that organisations understand the basic principles of protecting personal information according to the forthcoming law

Protection of Personal information Bill (PPI) will bring South Africa in line with international data protection laws and at the same time will protect personal information collected and processed by public and private organisations.

Personal information privacy presents a growing challenge as organisations must adapt and comply with complex international laws on how they handle personal information. The Bill requires organisations to establish appropriate policies and procedures to protect the various forms of data that are part of their business operations.

Understanding the importance of PPI

If you process information such as names, addresses, e-mail addresses, ID numbers, employment history, health data that are associated with an individual; or if you outsource your data to third parties, your organisation will have to comply with PPI. All organisations have personal information about shareholders, employees, customers, suppliers so PPI affects every area of your business.

Organisations need to consider:

  • The limited time to comply
  • The Bill should become an Act in the next three to six months. Business will be given a year to comply, but the full compliance procedure could typically take up to three years.
  • International privacy laws
  • Several countries already have strict privacy laws. If your organisation is doing business internationally, they are probably already in breach of the privacy laws in those countries.
  • System changes: these changes often require reloading or rearrangement of information. This may be an opportune time to implement aspects of PPI.
  • Non-compliance with the provisions of the Bill may result in criminal fines, civil liability and complaints to the regulator.

Identifying value-adds beyond minimum compliance

Organisations can gain significant business performance improvements by approaching the Protection of Personal Information Bill as a strategic opportunity rather than a compliance cost. There are advantages to be gained within a company, for example:

  • Technology gets the budget go ahead for middleware and data warehouses, new SAP modules, data security upgrades etc, which add value when linked to the overall business strategy.
  • Select technology to support more than just data integration eg. Option ranging from cloud to separate software and simple
  • Build a customer-focused organisation by digging deeper into existing customer data
  • Valuable information around customers and markets can be obtained through data analysis of personal information for purposes of PPI compliance
  • Employees’ files are updated and remain up to date.
  • Organisations who lead the market in becoming PPI compliant will earn customer respect and loyalty
  • Valuable insights can be found in an organisation’s existing database, ahead of customer requests for their data removal
Did you find this useful?

Related topics