POPI Act compliance – three words causing an uproar in the industry. Event planners rely on a myriad of information in order to do their job properly – but adhering to POPI Act compliance is set to change the way we collect, store and manage this data. If you haven’t put protocols in place to ensure that you’re abiding by the law, here’s why can’t afford to turn a blind eye:
1. POPI Act compliance affects the way you store and collect all guest data
From guest lists to emails to RFPs – all content that contains the personal information of clients and guests needs to comply with the requirements of the Act. Implemented in order to protect the privacy of individuals, the onus is on event companies to make sure that they’re doing the best they can to secure any and all of the personal details they’re privy to.
2. Protecting your clients’ information involves far more than keeping guest lists secure
What many people don’t realise is that POPI Act compliance requires daily actions on the part of anyone who is privy to personal information. This includes data contained in job applications, email correspondence, employee details and guest profiles. POPI Act compliance isn’t just a once off – you need to approach all content that contains private information with care.
3. All content management systems – including laptops, intranets and software must be password protected
Leaving your laptop open while you pop out for lunch can result in far more dire consequences than someone changing your Facebook status. Make sure that you’re doing everything in your power to secure private information. This includes: all contact details, demographic information, employment and medical history, education, criminal records, private correspondence and importantly any personal opinions about the person in question.
4. POPI Act compliance requires that you notify the individual in question about any processing of their personal details
One of the Act’s stipulations is that besides ensuring the integrity and safety of personal information, companies are required to notify the individuals (known as the ‘data subject’) in question as to what data they have on file and then their intended use of the information. Importantly – and what many people don’t know – is that it’s also their responsibility to communicate the fact that they have securely stored this information, verify whether this data was given voluntarily and then ask the subject how long they’re able to keep it for.
5. POPI Act compliance relies on the use of software that can securely store data
All of your efforts to comply with the Act will be in vain if you’re not making use of event management software that’s also POPI Act compliant. Claiming ignorance is moot in the eyes of the law, which means that you need to ensure that programs you use are following POPI protocol. The protection of personal information will only become more and more important – to your guests and clients alike – which is why you need to be able to demonstrate that you’re adhering to POPI requirements. Failing to do so has severe ramifications, and besides possible jail time or a hefty fine, it’ll cost you your clients and reputation too.
Event compliance entails a multitude of considerations. Download our Event Compliance Checklist to make sure your events are on the right side of the law.