After 30 June 2021, a business can face a fine or jail time for non-compliance, so the act has many implications for your website and direct marketing.
How personal information is captured, what it is used for and the need to obtain consent from users has become a legal requirement. There are eight conditions, including consent, purpose, notification, quality and security. Your website now needs to address all these areas explicitly. You need to actively review every instance where you ask your users to provide their personal information, be it through your mailing subscription, contact form, shopping checkout or any other method. It is essential to provide opt-in and opt-out functionality, which can be done through tick boxes and consent buttons.
Website security has also become a big concern in South Africa over the years. A security certificate (an https page address) and security plugins, such as iThemes and Wordfence, have become essential under the POPI act.
To help you overcome the risk of violating this act, here is a checklist to ensure that you are POPI compliant:
- Appoint: One of the first steps is to appoint your Information Officer and register them with the Information Regulator.
- Review: Analyse your existing privacy policies and ensure they cover all aspects required by the POPI act, including consent, purposes, sharing and destruction. You need to be very clear about how, why and for how long you intend to use their personal data.
- Gain Consent: Any form of direct marketing, such as email and SMS, will no longer be allowed unless the user has consented to receive this communication or is an existing customer.
- Unsubscribe: All electronic communications must contain an unsubscribe option, and businesses must comply when a consumer requests to no longer receive communication from them.
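The consent and unsubscribe rules in the two items above, written out as an added Python example (not code from the original article): a contact may be sent direct marketing only with a recorded opt-in or an existing customer relationship, and an unsubscribe request is honoured unless a fresh opt-in was recorded after it. The Contact fields, the function names and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

def ts(year: int, month: int, day: int) -> datetime:
    """Timezone-aware timestamp helper (UTC) used for consent records."""
    return datetime(year, month, day, tzinfo=timezone.utc)

@dataclass
class Contact:
    email: str
    consented_at: Optional[datetime] = None     # when the explicit opt-in was recorded
    existing_customer: bool = False             # current customer relationship
    unsubscribed_at: Optional[datetime] = None  # when the opt-out request was recorded

def marketing_permitted(c: Contact) -> tuple[bool, str]:
    """Return (allowed, reason) for sending direct marketing to this contact."""
    # An opt-out blocks sending unless a newer opt-in was recorded after it.
    if c.unsubscribed_at is not None:
        if c.consented_at is None or c.consented_at <= c.unsubscribed_at:
            return False, "unsubscribed"
        return True, "re-consented after unsubscribe"
    if c.consented_at is not None:
        return True, "consent"
    if c.existing_customer:
        return True, "existing customer"
    return False, "no consent and not a customer"

def record_unsubscribe(c: Contact, when: Optional[datetime] = None) -> None:
    """Honour an unsubscribe request; the timestamp is kept as evidence."""
    c.unsubscribed_at = when or datetime.now(timezone.utc)

def build_send_list(contacts: list[Contact]) -> tuple[list[str], list[tuple[str, str]]]:
    """Split contacts into recipients and an exclusion log of (email, reason),
    so you can show afterwards why each address was or was not mailed."""
    recipients: list[str] = []
    excluded: list[tuple[str, str]] = []
    for c in contacts:
        ok, reason = marketing_permitted(c)
        if ok:
            recipients.append(c.email)
        else:
            excluded.append((c.email, reason))
    return recipients, excluded

# Constructed sample contacts (not real addresses or people).
SAMPLE = [
    Contact("opted-in@example.com", consented_at=ts(2021, 7, 1)),
    Contact("customer@example.com", existing_customer=True),
    Contact("cold-lead@example.com"),
    Contact("left@example.com", consented_at=ts(2021, 7, 1), unsubscribed_at=ts(2021, 8, 1)),
]
```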
Here are some tips to assist you further:
- Only collect data that is required and relevant. If you only need the user's email address, then don't request their phone number or their physical address!
- Ensure all personal data that you have is stored in a safe place, such as on a cloud backup.
- You should only store the data for as long as you need it. If an employee resigns or a client has cancelled their services, you should remove their data from your system.
- If a customer requests to be removed from your database or asks to see what information you have on them, you must allow this – they have every right to ask!
- Ensure everyone in your organisation understands the POPI act and its implications.
If you need assistance in getting your website POPI compliant email us on firstname.lastname@example.org
You can also visit the Government website here: https://www.justice.gov.za/inforeg/