The Personal Information Act (POPIA) came into effect as of 1 July 2020, with a grace period of a year in which any person or organisation who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently, must ensure that they are actively compliant.
If your company is not yet POPIA compliant, contact CTL as a matter of urgency.
Their officials could even face imprisonment for periods ranging from 12 months to 10 years.
The Information Regulator will also stop your organisation from processing information to ensure that you are unable to do business.
Reputational damage due to non-compliance is a material commercial risk.
Section 26 of POPI classifies certain personal information as ‘special personal information’, this includes the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information of a data subject.
Certain ‘special personal information’ of a data subject is protected and may not be processed unless proper consent is obtained in terms of section 27.
This consent differs from the existing legislative requirements to obtain informed consent for medical treatment or the disclosure of health information.
It will have to be obtained in addition to existing requirements. In terms of section 27 the consent obtained from the patient must include the following components:
· What information is being collected.
· What the information is going to be used for.
· How long the information will be kept.
· Who will have access to the information.
· Processing of information (eg to medical schemes).
The importance of compliance cannot be understated.
Talk to us if you are unsure.
Contact CTL Group Holdings (Pty) Ltd
Johannesburg
Tel: 011 794 7928
Durban
Tel: 031 765 4777
Email: queries@ctlgroup.co.za