The operative provisions of the Protection of Personal Information Act 4 of 2013 (POPIA) came into effect on 1 July 2020, with a grace period of a year in which companies must ensure that they are compliant. Companies must ensure that their business practices and the way they interact with customers, clients or consumers adhere to the requisite privacy laws, as well as confirming that the way they collect, store or process their employees’ information aligns with the protections set out in POPIA.
CDH’s POPIA compliance checklist seeks to assist businesses (noting that POPIA applies to both public and private bodies) with a general heat map to check its compliance levels and areas of risk relating to POPIA compliance and has merely been provided to assist in expediting the POPIA compliance process.
The checklist does not make provision for every eventuality and serves only as a useful guide to assist businesses to start focusing on the most common instances where businesses need to be POPIA compliant. The checklist should in no way to be construed as a substitute for seeking legal advice to ensure that your business is fully compliant with the requirements of POPIA.