By Jeandie Leone, Commercial Manager at Workforce Staffing
The Protection of Personal Information Act (PoPIA) comes into full effect from 1 July 2021. This date should come as no surprise to anyone or any business, as we have all had a year to come up to speed. However, in reality many organisations are finding themselves scrambling with less than 80 days to go. The legal compliance landscape as a whole is challenging to come to grips with, which is where Temporary Employment Service (TES) providers can offer assistance. Ensuring your TES provider is PoPIA complaint will make at least the staffing aspect of the business compliant, leaving businesses to focus on other core areas that may need to be urgently addressed.
Penalties for non-compliance
Businesses have been struggling not only with PoPIA, but legal compliance in general. The legislative landscape changes constantly, and without dedicated resources to ensure compliance, businesses may be unaware that they are at risk. The reality though is that ignorance is no excuse in the eyes of the law, so should businesses be in breach they are still liable for the consequences.
The penalties of non-compliance with PoPIA can be severe, ranging from fines up to R10 million for serious offenses to jail time of 10 years. Businesses need to appoint an information officer tasked with compliance, who will be registered with the information regulator. Should there be a compliance breach that needs to be investigated, the information officer will be the go to person.
They will also be the one who could potentially face the consequences should it be proved that the breach resulted from lack of due effort, or from negligence on the part of the business. Should the company not have an information officer, then the CEO or MD will face the blame.
Recovering from Covid
As the economy begins its recovery after the Covid-19 lockdowns, businesses have begun hiring again. What they need to always bear in mind is that PoPIA is a broad-ranging legislation, and it encompasses every element of business, including staffing and hiring. From recruiting candidates to the way information is handled, including employee, supplier and third-party data, and the IT systems that process it, everything must be PoPIA compliant.
Compliance is not only the hugely publicised data breaches, it goes right down to filing systems, how paperwork is retained and destroyed, who has access to it and more. PoPIA also requires businesses to disclose what information is being gathered, for what purpose, and how it will be stored. The definition of personal information is also broad, including signatures, medical history, ID number and even employment history. When it comes to staffing, this particular area also incorporates numerous other laws and legal requirements, making it challenging for many businesses to get to grips with.
TES can help
Outsourcing staffing to a TES provider can assist businesses with their PoPIA compliance initiatives. An experienced provider will have many years of industry knowledge and experience to draw on as well as the relevant legal teams and information officers to ensure compliance. A compliant TES provider will ensure that all policies, practices and IT systems comply with all relevant legal requirements, and will ensure that information is processed according to the applicable legislation.
Outsourcing the staffing and recruitment function, or even an entire business process through Business Process Outsourcing (BPO), can ensure that one or several areas of a business are PoPIA compliant. This enables businesses to turn their focus to other areas that require attention in order to ensure compliance.
Ultimately, PoPIA compliance is a must for all businesses of all sizes in all industries. However, it need not be seen as a burden, as outsourcing some functions, such as staffing to a TES, can ease the strain. In addition, it will likely benefit businesses to ensure their processes are compliant, by ensuring a more streamlined approach to data that will improve business efficiency. As we approach the deadline, businesses need to take urgent steps to mitigate their risk of non-compliance, before it is too late.