It is critical for organisations that process personal information of employees, customers or other juristic persons (companies, trusts and so on) to implement organisation-wide privacy initiatives in order to comply with the conditions of the Act. Compliance will have an impact on the processes, technology and manner in which employees handle and process personal information. The Act provides for a one-year implementation timeframe, but from experience we know it can take a lot longer.
Issues you may be facing
- The PoPI conditions impact technology, processes and the manner in which employees process personal information.
- Personal information may only be used for the purpose agreed with your customers and employees.
- Marketing by means of unsolicited e-mail is prohibited unless certain provisions apply – organisations need to implement opt-in and opt-out strategies.
- Personal information may only be retained for as long as necessary – organisations need to specify retention periods.
- Organisations should not process more personal information than is necessary.
- Processing of special personal information is prohibited unless certain provisions apply.