Page 30 - Q&A 2019/2020
P. 30

New regulations provide more clarity on POPIA

            Nanette Janse van Rensburg
            February 2019

            “I’m  the compliance  officer for  our business  and have  been  tasked with
            responsibility for POPIA. I saw a media report on regulations being promulgated
            and was wondering if there is anything of importance that I need to take note
            of in them for our business?”

            You are correct that new regulations (“Regulations”) to the Protection of Personal   Commercial
            Information Act (“POPIA”) have been published in December 2018. However,
            these Regulations will only come into effect on a date to be determined by the
            Information Regulator.

            The Regulations essentially address a number of procedural aspects under
            POPIA, of which a few are especially important to take note of for your business
            once they come into effect.
            The Regulations contain a number of prescribed forms which amongst other
            regulate how a data subject can object to the processing of their personal
            information and how a data subject can request a correction, destruction or
            deletion of personal information.
            Also of importance for businesses that engage in direct marketing, is Regulation
            6 which provides that a responsible party who wishes to process personal
            information of a data subject for the purpose of direct marketing by electronic
            communication must in terms of section 69(2) of the Act submit a request for
            written consent to that data subject on Form 4 to the Regulations. This Form 4
            essentially requires that the responsible party must identify themselves and their
            contact details, identify the data subject, afford the data subject the option to
            consent to receiving direct marketing in respect of good or services by way of
            a specified method of electronic communication (fax, e-mail, sms), and have
            the consent signed.
            Fortunately, “Form” is defined as “a form referred to in the annexures to these
            Regulations or any form which is substantially similar to that form” [our
            emphasis].  Therefore, it means that the responsible  party could  use other
            means of obtaining the consent as long as it contains the elements prescribed
            in Form 4 and a record thereof exits. This would in our view, be able to include
            an “I accept” button or link in an email or on a website or app or even a voice
            recording of a data subject agreeing telephonically to the direct marketing,
            as  “signature” includes an  “electronic signature” which is defined as data
            attached to, incorporated in, or logically associated with other data and which
            is intended by the user to serve as a signature.







                                                                        24
   25   26   27   28   29   30   31   32   33   34   35