POPI Is Law – What Should You Be Asking?

1.) Does The POPI Act apply to VeriCred?

Yes it does! The Protection of Personal Information (POPI) Act No. 4 of 2013 is applicable to every business in South Africa that collects, uses and stores or destroys personal information of a data subject (See definition below), which is entered into a record by the business using automated and non-automated means.

What is a data subject? – A data subject is the person to whom the personal information relates.

2.) Does VeriCred have to register an Information Officer?

Yes it does! The POPI act requires every business to register an Information Officer with the Information Regulator. The prupose of the Information Regulator is to protect data subject against harm and ensure that personal information is protected by responsible parties. Similar to the Public Protector, the Information Regulator can hold responsible parties accountable for not complying with the POPI Act accordingly.

3.) What does Personal Information refer to?

Personal information is extremely wide stated and is information relating to an identifiable, living natural person or juristic person and includes, but is not limited to:

  • Biometric Information: Blood type, etc.
  • Private correspondence
  • Opinions of and about the person
  • History: employment, financial, educational, criminal, medical history.
  • Contact details: email, telephone, address, etc.
  • Demographic information: age, sex, race, birth date, ethnicity, etc.

4.) Can I send personal information overseas and can personal information be returned to South Africa?

Yes you can, but there are restrictions. The applicable restrictions will depend on the laws of the country to whom the data is transferred or from where the data is returned, as the case may be.

5) For how long do I need to retain the personal information?

Personal information must not be retained (any) longer than (is) necessary for achieving the purpose for which the information was collected.

5) What is the sanction for non-compliance with POPI?

Sanctions include some potentially stiff penalties (including fines of up to R10 million) or imprisonment.

Feel free to download the complete article on the PDF provided below for more details…