POPIA Winter is coming. This is a big challenge for companies in South Africa. It’s not quite the threat that the white walkers pose in Game of Thrones, but it does keep whole compliance departments awake at night.
In order for a company to communicate with its’ customers, they must now obtain ‘explicit consent’ to do so, and the Protection of Personal Information Act 4/2013 (POPIA) requires a higher standard for consent mechanisms than are typically present in current business processes, for example:
- Consent should be separate from other Terms and Conditions
- Pre-ticked opt-in boxes are not permitted
- Concise records demonstrating the consent obtained must be kept
- Withdrawal of consent must be an easy, transparent process
Registered Communication has guided customers through this gauntlet before. General Data Protection Regulation 2016/679 (GDPR), the equivalent EU data protection law in Europe, took effect in May 2018 and had similar requirements1 and 2. Our technology was incredibly successful in obtaining consent while complying with GDPR requirements.
How does Registered Communication obtain consent?
We will send your existing customers a Registered SMS and/or Registered Email directing customers to a Consent Page. Your customer selects the clauses they wish to accept and we issue and store the immutable documentary evidence. This process simplifies both the notice distribution to your customers, along with all the tasks associated with compliance audits. You won’t need to build a wall to protect yourselves from the auditors.
Failure to adhere to these requirements can result in regulatory fines of up to R10 million, and prison terms of up to 10 years. The first high-profile regulatory fine in this regard was a EUR 50 million fine handed to Google by the French data regulator for GDPR breaches (2019)3. Those white walkers come to mind.
For more information email info@registeredcommunication.com
Sources:
2 http://www.derebus.org.za/unscrambling-the-general-data-protection-regulation/
3 https://www.bankinfosecurity.com/france-hits-google-50-million-euro-gdpr-fine-a-11959