The Protection of Public Information Act (POPIA) is not yet in effect, but the final POPIA regulations were signed into law in November 2018, with all indications that the Act will shortly become effective.
Although there is a 12 month grace period for compliance once the POPIA officially comes into play, companies should start preparing their data processes now to avoid the risk of non-compliance.
This is according to Christopher de Zeeuw, founder and MD of Capisol Software, who says: “The main driver behind POPIA is to improve the security of, and to protect, personal information – that is, in terms of how it is collected, stored and used.
“Once POPIA comes into effect, companies will have to comply with strict codes of conduct surrounding data and document management,” de Zeeuw advises. This will place massive pressure on accounts and administrative departments, in order to ensure all information is handled correctly.
“One of the important differences between the European GDPR standard and our local POPIA is that the local legislation extends to all juristic entities, and is not limited to individuals’ information as with the GDPR.”
He furthermore cautions: “Management and business owners must remember that under POPIA, the responsibility and accountability for ensuring the protection of personal information is on the owners or leaders of that company, specifically the Managing Director (MD). While an MD can delegate the responsibility of data protection, the ultimate accountability still falls on the MD, according to the Act.”
De Zeeuw points out that all local companies will be impacted by this piece of legislation, and the biggest concern for Managing Directors and business owners, is how this sensitive data is controlled and stored. All Managing Directors are recognised as being the Company Information Officer (CIO) by the Act, and take full responsibility for the risk associated with their data being used and stored by the company.
“Opting for a cloud-native and automated document management solution that integrates to your own systems is the most effective way of ensuring your data is truly secure; as well as eliminating the risk of human error when processing information that falls under POPIA,” he says.
“With an automated document management system, all documents are instantly accessible and there is no need for time-consuming searches through various folders, files or on peoples’ desks to locate a document. This also means that when requested to delete or remove a document, this can easily be done at a central location with audit tracking.
“Further to this, by maintaining your master data in one system and ensuring all systems ‘sync’ with this one single system, companies can ensure compliance and effect a request to remove details. Take the simple task of emailing an invoice or statement to customers. In the instance where this process is done manually by staff via their own email accounts, it becomes impossible for a client request for a change of details to be controlled with certainty. Expand on this example, to a call centre and multiple agents working on customer accounts and the risk increases exponentially.
“Companies are also at risk if they receive an instruction to stop emailing a customer for example, but the details are not updated through all systems and an email is sent after the request has been logged. This ‘transgression’ could be reported to the regulator – and even if it does not result in a fine, it will be an inconvenience and could potentially result in negative publicity too,” he explains.
“It is therefore essential that all your systems talk to each other, and that an update in one place is able to be pushed through to all other systems. This is especially relevant for your document management system. The more automation you have, the lower your risk,” he says.
Once POPIA comes into effect, businesses will face a long road of ensuring their different data and document storage systems are compliant across all departments.
It is therefore crucial that business owners do their due diligence now, and opt for the most effective data management and storage solutions. No matter what type of data storage solution businesses opt for, the accountability still lies with the company which collects and uses this information. If any part of the process fails, the onus will lie with the CEo or the chief financial officer, not with third-party suppliers.
“The best advice is to start streamlining your data and documentation process now, in order to avoid last-minute – and potentially very expensive – overhauls of your entire financial document process.
“We strongly recommend that businesses take the decision to ‘stand out from the crowd’ for the right reasons, and adopt automation and good business practice – while also ensuring compliance with POPIA – sooner rather than later,” he says.