It is vital that small and medium business owners understand that POPIA compliance is required of them by law. If they fail to comply, they will be held accountable, with penalties of fines and/or imprisonment. Nobody will be exempt from POPI compliance, regardless of how small their database of information is.
What does this mean for small and medium businesses?
POPI compliance regulates the way personal information is processed. If you have clients or customers or employees, you have personal information. That’s the long and short of it. How you process this information must be in line with POPI legislation.
Remember! POPI compliance is there to ensure that information is processed lawfully, and safeguarded!
Every data processor (that’s you, as someone who has information about clients, customers, and employees) is accountable for their compliance.
If you have information about individuals, for example their contact details, communication records, banking information, demographic information, their address, or personal history, then you are required by law to have the policies and processes in place for POPI compliance.
Ask yourself these 5 questions about your business’s POPI compliance:
- How are you protecting the information you have against fraud, theft, or unauthorized exposure?
- Do you have processes for obtaining that information legally, and do you have consent to enter into communication using that information?
- Can it be easily understood where that information is stored?
- Can it be easily understood how that information is used (processed) electronically and physically?
- Can it be easily understood what the reason is for having that information, who can access it, and for what reasons they access it?
If you answer No to any of these questions, then you’re liable to a penalty for non-compliance, even if you only have 5 customers’ information. If you can answer Yes to each of these questions but you cannot prove it in any way or have no documentation to support your answers, then you are liable to penalties for non-compliance.
Small and medium businesses are not exempt from compliance, but they do have the advantage of less intricate compliance procedures, which means they can become compliant with relative ease. The cost of ignoring compliance is too high to risk.