Legislature produces more governance related legislation

Jul 21, 2020 | Info Brief

Certain essential aspects of the Protection of Personal Information Act, 2013 (“the POPI Act”) that were scheduled to be promulgated by the State President on 1 April 2020, have now to come into effect. The POPI Act gives effect to the

constitutional right to privacy that is enshrined in Chapter 2 of the Bill of Rights of the Constitution of the Republic of South Africa. It also tries to bring South Africa into line with privacy legislation elsewhere in the world. Certain provisions of the Act, such as the establishment of the Information Regulator, have already been implemented. Although Sections 110 and 114 (4) will only come into effect on 30 June 2021, the sections that have now been proclaimed by the President of South

Africa to commence on 1 July 2020 will have the most impact on juristic bodies, such as golf clubs. The requirement is for organisations to be fully compliant with these sections by 1 July 2021. However, it stands to reason that Golf Clubs should attempt to comply with the provisions of the POPI Act as soon as possible. Golf Clubs need to consider the following.

 Appointment of the Privacy Officer role. By default, the head of the organisation is the Privacy Officer. However, the

 Application of a risk-based approach to achieve compliance of the POPI Act and get agreement by the Golf Clubmebody else at the Golf Club?

 Application of a risk-based approach to achieve compliance of the POPI Act and get agreement by the Golf Club Management Committee to ensure that the POPI Act remains a priority.

 Integration with existing compliance structures as the POPI Act has a compliance requirement and much effort can be saved by integrating it into existing compliance structures and processes.

 Alignment with other initiatives to coordinate the Golf Club’s POPI Act initiatives with related initiatives within the Golf Club, such as data classification to avoid unnecessary duplication of effort and ensure alignment to business objectives.

 Driving behavioural change through training and awareness to ensure embedding privacy into the culture of the Club.

 Look inside the Golf Club for skills, but reach out for assistance from professionals, such as those with multi-disciplinary teams between privacy, legal, data, advisory and cyber security specialists where the Golf Club does not have the skills within the Golf Club.

What happens if your Club does not comply?

Non-compliance with the POPI Act can have serious repercussions for the Golf Club, its employees, its customers, for example Members, and an impact on the Club. In this regard, there could be financial penalties, criminal sanctions, loss of revenue resulting from negative press, damaged reputation, and loss of Members’ trust in the management team.