COVID-19 lockdown and the protection of personal information

Mar 26, 2020

The coronavirus (COVID-19) pandemic has gripped the world and South Africa has been no exception. President Cyril Ramaphosa announced on 23 March 2020 that a 21 day nation-wide lockdown would be in effect from midnight, 26 March 2020 up to midnight, 16 April 2020.

Whilst the lockdown is something that is entirely outside of your control, every business owner must ensure that it at least controls what it can. Ensuring that your business complies with the Protection of Personal Information Act (POPI Act), once it commences, is one factor you can manage by making sure that your business can continue to function during these unprecedented economic times.

During the lockdown period the entire country, or at least those businesses who consist of the necessary means to continue to operate remotely, will be doing so. Most business’ manual analogue operations will be halted or, at least, severely limited. Although the majority of electronic systems are expected to experience strain and backlogs, they will continue to operate, specifically in those instances where business transactions can be concluded entirely via electronic means.  It remains important to bear in mind that these systems will most likely operate under severe strain and pressure. Whilst service providers carry great responsibility to ensure continued and uninterrupted use of these systems, it is something which, in these uncertain times, they unfortunately cannot guarantee.

With South Africans obliged to stay at home, resulting in an increase in online electronic activity (whether it be for business or recreational purposes), and with the proposed implementation date for the POPI Act looming ever closer, it is essential for every business to consider their existing data protection mechanisms and systems, especially now that a large portion of their workforce will be operating form various remote sites and away from their usual place of business and on-site systems.

Globally COVID–19 has placed a shadow on almost every other matter which, prior to the pandemic, seemed to be dominating the media and news.  It remains to be seen whether or not the President will still announce that the POPI Act will come into effect on 1 April 2020.

Once the POPI Act comes into effect, businesses will only have a one-year grace period to comply.

Compliance with the POPI Act entails consideration and decision making at top-level. It is not a mere tick box exercise of choosing systems and measures to be put in place without proper thought, consideration and assessment of relevant expert advice and assistance.

No business will be immune to complying with the POPI Act once it becomes fully operational and the penalties are, or might be, detrimental to any business – even more so in a times like these where the entire global economy is already under severe constraint.

Protect your business during these uncertain times and make sure that you at least control what you can. Consult with our experienced legal advisors with regard to your current systems and protocols and ensure that you have the necessary data and information protection mechanisms in place during this lockdown period.

PR de Wet, Director: Commercial Law and Tax

Hayley Level, Associate: Commercial Law and Tax

Related Posts

#POPIpack™ Packs

The core minimum documents included in our different Packs are geared to help your organisation address its POPIA compliance from a legal documents standpoint. No matter the Pack or, if preferred, if separate legal documents are bought, every document has been carefully considered and drafted by legal professionals and is geared to provide the core minimum legal agreements.