The Protection of Personal Information Bill should become an Act within the next year. It is essential for marketers and entrepreneurs to know what impact the bill will have on business procedures. It is best to be proactive towards the POPI Bill rather than passively complying with it. A proactive approach will give any organisation a strategic advantage in the market.

Purpose of the POPI Bill

The purpose of the POPI Bill is to protect the right to privacy of the processing of personal information; and to balance the right to privacy against other rights, such as the right of access to information.

This change to the law influences email marketing and database marketing because the processing of information for direct marketing is prohibited unless the company can gain consent from the person involved.

How does the POPI Bill affect me as a marketer?

Correct application of the POPI Bill will mean that your marketing campaign will not be aligned with spam. The bill addresses spam in Chapter 8, which regulates the rights of persons in respect of unsolicited electronic communication and automated decision making.

The basic principle of Chapter 8 is that if a data subject does not respond to a reasonable party’s invitation to make use of its direct marketing advances, the responsible party will not be allowed to contact the consumer for a second time. This is often seen in the “opt in” or “opt out” approach that allows the subject to either consent or object to an offer.

The POPI Bill does not place a ban on email or database marketing. Organisations and marketers can use the principles of the POPI Bill to build a customer-focused organisation by digging deeper into existing customer data. Organisations who lead the market in POPI Bill compliance will earn customer respect and loyalty. For marketers, there is valuable information around customers and markets that can be obtained through data analysis of personal information.

Becoming POPI compliant

Marketers and organisations can gather valuable information around customers and markets through data analysis of personal information for the purposes if POPI compliance. Updating your customer inventory and personal information in accordance with the POPI Bill will show your dedication to serve the customer with the most up-to-date and considerate marketing methods.

Use the following POPI Bill implementation checklist to check your compliance:

* Audit the processes used to collect, record, store, disseminate and destroy personal information. Prevent the information from being lost or damaged, or unlawfully accessed.
* Define the purpose of the information gathering and processing.
* Limit the processing parameters.
* Take steps to notify the individual whose information is being processed and for what purpose.
* Processing by a third party must be compatible with the purpose for which the data was initially collected.
* Ensure information is complete, accurate and not misleading.
* Notify the Information Protection Regulator (when one is established after the Bill is enacted) that you have been processing personal information.
* Accommodate data subjects’ requests to know what third parties have access to their information.
* Know the restrictions for sending personal information out of South Africa.

When will the POPI Bill be law?

The POPI Bill will be passed within the next year, so it is advisable to become familiar with it. The latest version is available here.

There are risks for organisations who do not comply with the Bill, so to ensure that you are leading the market. Familiarise yourself with the POPI Bill as soon as possible.