While there was a lot of press relating to the GDPR deadline on 25 May 2018, and what companies should be doing as last-minute remediation exercises, South African companies should certainly be watching closely, as these regulations are already appearing in the POPIA (the Protection of Personal Information Act, with an expected commencement date circa 2019) draft versions.

According to the Information Commissioner’s Office in the UK, there are 12 suggested steps to take to ensure compliance. Most of them focus on internal processes. I have highlighted two of the steps (below) which will require proactive, immutable communication with your customer base.

#3 – Review, change and communicate your privacy notices and information, as there are certain additions you need to publish e.g. you need to explain your lawful basis for processing the data, and that individuals have the right to complain if they think you are in breach of regulations.

#7 – Review how you obtain, record and manage consent, and distribute refreshed consents if they don’t meet the standard.  Whilst there is a detailed guide available, the consent needs to be freely given, specific, informed and unambiguous.  It also needs to be granular, clear, prominent, explicit, properly documented and easily withdrawn.

As a separate reference, the leading ICT attorney firm, Michalsons, has published their action list of things to do as soon as possible.

Item #1 on their list is to learn from other jurisdictions.  It is wise to learn from your mistakes, but it is wiser to learn from the mistakes of others.  GDPR lessons are being learnt daily, and will add value to all of your POPIA processes.

Also included on their list is agreeing to new data processing agreements, and enabling the right to be forgotten.  These tasks require extensive customer engagement, and relying on paper processes to achieve this may not provide the required results, especially when there is the potential that your entire book will be remediated.

The penalties for non-compliance are severe, and it simply isn’t worth waiting until the last minute to remediate.

…so drop me a line – I’d love to hear how your customer interaction strategies are evolving.