Don’t panic about POPIA – 4 practical steps towards compliance in direct marketing
POPIA is officially here. As of 1 July 2021, following a 12-month grace period, the Protection of Personal Information Act, or better known as the “POPI Act” or “POPIA”, has come into effect. However, many businesses and marketers are still delaying the process of implementing the new regulations and are unsure of what measures they need to take to be compliant with the Act.
Why POPIA was put in place
In recent years, there has been a global focus on how to protect personal information and fend off data breaches. South Africa was behind the curve in this regard and needed legislation to prevent information misuse, and protect the individual’s right to privacy.
Hence, the POPI Act was developed, with the goal of promoting the protection of personal information, safeguarding companies from data breaches and cybercrime, and preventing intrusive marketing practices.
New opportunities for businesses
Although POPIA introduces additional regulations that businesses must comply with, experts believe it should be viewed as a positive step forward for South Africa. This brings the country closer to global data protection standards, much like the widely used European Union’s General Data Protection Regulation (GDPR) laws.
For South African organisations and enterprises wanting to operate in the global market, making the required changes in line with the Act could boost success and widen the net of opportunities. The legislation not only removes the administrative barriers that can hamper international business, but it also positions South Africa as an appealing destination for foreign investment due to having proper data regulation policies in place.
What POPIA means for direct marketing
The global shift is beginning to bring clear alignment to direct marketing consent and data-protection policies, and with the demise of 3rd party data, legislation such as POPI are becoming more relevant and necessary.
In an age where cyber criminals are sharpening their skills , businesses have to take responsibility for how they collect, share, protect and govern access to customer data.
Because the scope of the POPI Act is broad, ‘Direct marketing’ has its own specific set of conditions in the Act that speak to marketing communications.
Here are 4 practical steps you can take towards direct marketing compliance:
1. Establish a data rights procedure
If you hold someone's personal data on file, that person is a data subject whose rights must be respected in accordance with the POPI Act. All data subjects have the right to access, correct, or request the deletion of their personal data. Be sure to establish a procedure for how you will be handling these requests.
It may be necessary to approach a legal specialist to assist you with the drafting of proper consent forms, notices and privacy policies in line with the POPI Act.
3. Review your marketing contact database
Any recipient of your marketing communications must either:
Give consent, that is
a. Voluntary - Consent must be "opted-in" to your communications, - you cannot assume someone has consented. There must be an expression of will, for example - someone must check a box or click on a link as an action, confirming their desire to be opted-in;
b. Specific - Requests for direct marketing consent must be made separately from other requests. It must relate to a specific purpose (for example, to contact customers about insurance products). You must specify your communication’s purpose;
Be an existing customer
You may continue to include “existing customers” in your direct marketing on these conditions:
a. You market products and/or services that are similar to those when you’ve first acquired their personal details;
b. The person has the option to opt out or unsubscribe with each marketing communication sent.
4.Continuously update your database with customer preferences
Customer databases must be managed more effectively in order to adhere to requests from consumers wanting to opt-out of marketing communications.
This means proper records of customer information including:
a. Where, how and when information was initially obtained;
b. If the person is an existing customer and, if so, in respect of what products or services;
c. Whether consent was obtained to receive direct marketing;
d. Whether the person has unsubscribed from any direct marketing communication.
Mobiz features to help you become and stay compliant
Implementing the changes that the POPI Act brings doesn’t have to be a daunting task. If you’re unsure about whether you have the required opt-in from your customers, there are easy ways to obtain consent.
Marketing tools should support compliance and assist to uphold data governance standards. Mobiz ensures that our customers have access to multiple tools to assist with compliance, such as:
- QR codes to obtain consent and collect 1st party data
- Double opt-in SMSs
- Automatic Opt-Out list management
- Data retention policy for unused customer data
- Secured (SSL certificates) landing pages
- Secure data upload which is encrypted both in transit and at rest
Speak to one of our SMS marketing experts for more information on how we can support your compliance journey with Mobiz and SMS marketing.