The enforcement of the Protection of Personal Information Act (POPI) is expected to be announced by the President in the second half of 2016 following the national elections. Once commencement of the act is announced, there will be a one-year grace period for organisations to ensure compliance and by the end of 2017 the Information Regulator is expected to begin implementing fines and prosecution in the event of a violation.
The maximum penalty for a violation of the POPI Act is R10 million or up to 10 years in jail. This is particularly distressing, because a 2015 Records and Information Management Trends Index commissioned by Metrofile indicated that 22% of South African businesses have not started to implement measures to ensure compliance with POPI when it comes to record storage and management.
In addition to this, 58% of businesses are not aware of the penalties relating to noncompliance. The implementation of POPI is truly drawing near now and it is becoming vital for all South African businesses to take the necessary steps to ensure complete compliance and to tailor their business practices accordingly.
Some businesses feel the enactment of POPI will place a significant amount of pressure on the resources of the organisation, however 37% of organisations have not outsourced any POPI related services. In light of the significant pressure that will be placed on unprepared businesses, the decision to outsource their POPI related responsibilities such as secure record storage, management and destruction, may be an ideal solution – especially considering the enormous penalties for a violation.
With the limited amount of time left to ensure compliance, the decision to outsource these services does not only have the potential to protect the business from irreparable reputational damage, but can also save the business money in the long run through the avoidance of fines.