The day has come when we must comply or face the consequences. The additions to the Protection of Personal Information Act (PoPIA) came into effect on 1 July 2021 and aim to protect companies against data breach and the misuse of personal information.
We, as the media and communications industry, are one of the industries that will be affected most by this legislation as we use clients’ information to achieve their marketing and communication objectives. In the era of digital marketing, this is extremely important for all of us to be taking steps to be more responsible with the data of the customers we serve.
Here are a few things to think about, to help you understand and respond to the changes in the Protection of Personal Information Act.
To appreciate the importance of the Act, we need to reflect on all the different stages where information is being collected. Research is the practice of Information Gathering and the PoPIA means that we should be more responsible about the way we are gathering information to inform our campaigns and strategies.
Once information has been gathered, the Processing of Information also requires responsible practice to maintain integrity and quality of data. Information sharing as the media and communications industry is crucial. We should be mindful that we share consumer information as well as product information on multiple channels, from television and radio broadcasting to other publishing platforms for advertising and marketing purposes.
Here are some examples of how we should be thinking about PoPIA in the context of various communication channels.
Email newsletter communication – Most people typically send email newsletters using an automated system, so double-check that your system is compliant and all the correct permissions are set. Subscribers must be able to opt in, to the communication (usually via a website subscribe form), and they have the option to opt out at any time via an unsubscribe link.
Opt-in on website registration – If your website allows for online registration, ensure there is a marketing preferences checkbox that the user must tick to receive marketing communication.
Cookie consent – You will need a cookie consent notice on your website. Initially, PoPIA wasn’t clear on whether this was an absolute requirement; I say rather be safe than sorry.
Also – The European GDPR regulations say absolutely “yes”; so if you have global traffic, this must be in place. It is also important to remember that you need to enable the ability to remove customers’ personal information. Under PoPIA, customers have the right to request that their personal information is expunged (a fancy word for “deleted”).
Direct marketing – PoPIA gives direct marketers only one chance at obtaining consent from a potential customer. For instance, if you obtain an email list of potential customers, you may send them one communication asking if they would consent to further marketing. If they do not consent, you cannot ask them again.
WhatsApp – Administrators of business or product groups will be required to obtain consent for being part of that WhatsApp group. As such, the members are entitled to refuse such consent and may exercise such a right by leaving that group.
There are also some very real penalties for non-compliance. PoPIA clearly states that should companies fail to comply with its requirements, they are likely to face penalties of up to R10m or possible jail time. Therefore, it is not an option for those companies to avoid compliance.
Apart from jail time and fines as repercussions, reputation is important to keep in mind, because no potential client would want to be affiliated with an organisation that does not adhere to regulations; which is also at risk of experiencing data breach due to the lack of proper cybersecurity measures as per PoPIA requirements. Ultimately, the PoPIA is designed to create more responsible marketing practice. This marketing practice has a beneficial effect on the industry as whole, from businesses right through to consumers.
By Musa Kalenga, chief future officer, Brave Group