TLDR: To be compliant with POPIA, your website needs to have a Privacy Policy, Terms of Use, Cookie Policy, PAIA Manual and Cookie Acceptance. We can help you implement these if required, and there’s a free website POPIA checklist you can download below:
The scandal involving Facebook and Cambridge Analytica forever altered the future of the online experience. Online privacy used to be an oxymoron – it’s now law. Everyone remembers hearing about GDPR, and locally the Protection of Personal Information Act (also called POPI or POPIA), but few have really taken the seriousness of data privacy, well, seriously – until now. The act came into effect 01 July 2020 and companies had 12 months to ensure compliance. That means that all South African websites – business or personal – must be compliant with the POPI Act by 1st July 2021, something that leaves most website owners scratching their heads. So, we’re here to tell you why POPI is so important, what you need to be doing to become compliant, and how you can go about doing so.
TAP HERE TO DOWNLOAD OUR POPIA WEBSITE CHECKLIST
Why is the POPI Act important?
People have the right to privacy, and this extends to the internet. As website users, we have the right to know exactly what information is being collected from us – and if there is data being collected, what will the collectors of the data do with it? Honestly, don’t you want to know if a website is passing your details onto a telemarketing company? Answering any and all questions website users might have about their privacy while on your website is what POPIA is all about. It’s about making your stance on data processing available to everyone.
What does your website need to get POPI compliant?
There are four important pieces of information that will have to appear on any website in order to be POPIA compliant:
- Website Privacy Policy – A website privacy policy document is a page, usually linked to in the bottom area of a website, that outlines and explains how the website (and the organisation who owns it) will collect, protect, and utilise the information users might share (contact forms, newsletter sign-ups).
- Cookies Policy – Cookies are bits of information websites collect about user interactions with websites. This ‘behaviour tracking’ is called cookie collection, and the website’s Cookie Policy details the types of cookies being tracked and by whom.
- Cookies Opt-In – Speaking of baked goods, your website will be in hot water if you don’t have a cookies opt-in. This is a pop-up or section of the website that requests visitors physically accept that their cookies will be on display while browsing the site. To be fully comliant, the cookie policy needs to allow the user to either accept all cookies, select which cookies accept or to disallow all cookies. A simple notice saying the site uses cookies is not acceptable.
- Terms of Use – This is a document (or section of a privacy policy document) that informs the website browser of the terms of using the website. An example of this is the above cookies policy pop-up, where users of the website are prompted to accept cookies in order to stay protected while browsing the website.
- PAIA Manual – The Promotion of Access to Information Act (PAIA) is legislation that ensures website users have access to any and all of their personal information being held by the website owners. A PAIA manual should be made available on every website, detailing the steps website visitors can take to receive access to their personal information.
TAP HERE TO DOWNLOAD OUR POPIA WEBSITE CHECKLIST
What business owners should be doing
The first thing any business owner should do to get POPIA compliant is to reach out to their HR department or attorneys to draft the documents required. They then need to contact their website developers. These are the individuals who will be able to upload the above five documents to your website. If you’ve built your own website, you can find examples of these documents online which you could edit for relevance and then upload.
We can help your website get POPI compliant
If you’ve lost the contact details of your website developer, or you just don’t have the time to sort this out yourself, we’re here to tell you one thing: give us your website, and we’ll make you compliant! We have worked with our HR and Legal team to develop template documents which we can edit for your company. All you need to do is get in touch with us, show us your lovely website, and we’ll do the rest.