Organisations have been given a very clear mandate by the South African government – comply with the incoming Protection of Personal Information Act (POPIA) by July 2021 or face the consequences.
In this respect, the act is similar to the European Union’s General Data Protection Regulation (GDPR): it is one of few acts that applies penalties for non-compliance. However, this similarity doesn’t mean that organisations compliant with the GDPR are now compliant with POPIA. There are fundamental and critical differences between the two acts that require deeper engagement with the regulations to ensure that those organisations with GDPR compliance are prepared for the additional elements that POPIA will bring.
Organisations cannot afford to be complacent about compliance. It is critical that every organisation determine which Acts and regulations are relevant, and then embark on a strategic plan to embed this compliance throughout the organisation.
For organisations that have a global presence, compliance with the GDPR makes sense. It ensures that they adhere to best practice when it comes to information protection, privacy and management, and it reassures their clients of a robust stance on regulation and compliance.