How POPI affects your digital database: the marketer's guide

With the Protection of Personal Information Bill (POPI), your database could soon be on the wrong side of the law. Here’s how to keep it legal.

A strong database is the first step to nurturing customers down a path to purchase, but how that data is gathered can be the difference between a decade of imprisonment and healthy marketing.

If you’re using inbound marketing, you’ll know that data collection is a key part of a successful marketing strategy. Inbound marketers get potential customers to ‘pay’ for enticing and valuable content with their personal information - from as little as an email address to as much as their job title and personality descriptors.For years though, traditional marketers have also gathered and even purchased databases wholesale to widen the net for potential leads. We’ve all lived with the effects of that relaxed attitude to personal information: we’ve been harassed by cold calling, unwanted mails and SMSes, but with South Africa’s new legislation, the Protection of Personal Information Bill (POPI), that will all be a distant memory.

For the man on street this will be a breathe of fresh air, but it means marketers are going to have to tighten their belts on their data collection policies.

What is the purpose of the POPI Act?

As WorkPool, a business management company, explains, “The purpose of the POPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity's personal information by holding them accountable should they abuse or compromise your personal information in any way.”

In essence, POPI views personal information as something valuable, “precious goods”, and aims to empower the average person with rights, protection and the power to control that information.


How does the POPI Act affect marketers?

As a marketer collecting this information, this means you need to:

  • Get consent before sharing someone’s information
  • Collect information for valid reasons
  • Be transparent and accountable about how their data will be used
  • Notify users if their data is compromised
  • Provide users with access to their data and enable them to have it deleted or removed if they so wish
  • Ensure that there are adequate measures in place to track the access of their information, even from within the company
  • Provide information on how and where their data is stored - and ensure there are minimum standards met to keep it safe
  • Ensure their information is stored correctly and responsibly maintained

Personal information, according to WorkPool, includes:

  • Identity and/or passport number
  • Date of birth and age
  • Phone number/s (including mobile phone number)
  • Email address/es
  • Online/Instant messaging identifiers
  • Physical address
  • Gender, Race and Ethnic origin
  • Photos, voice recordings, video footage (also CCTV), biometric data
  • Marital/Relationship status and Family relations
  • Criminal records
  • Private correspondence
  • Religious or philosophical beliefs including personal and political opinions
  • Employment history and salary information
  • Financial information
  • Education information
  • Physical and mental health information including medical history, blood type, details on your sex life
  • Membership to organisations/unions

As of December 2016, Adv. Pansy Tlakula was appointed as the Information Regulator and once POPI’s commencement date is announced in 2017, brands have one year to comply. Ignorance of the law is not an excuse! Fines can go up to R10 million for non-compliance, and it’s possible to receive ten years jail time. POPI impacts every employee at every level in your organisation, even junior staff, human resources, legal, finance, training, management, directors and executives.

Simple measures you can take to keep your database legal

  1. Add a disclaimer to all of your forms stating what you are collecting information for (i.e. by entering your information here you are consenting to receiving communication from [brand name])
  2. Add a notification that you are using cookies, if you are tracking them
  3. Make your ‘unsubscribe’ and ‘delete me from this database’ options simple and easy to find
  4. Send an email to your current database informing them that you have stored their information, and that they can remove themselves at any time.

An ethically sourced database remains critical for effective marketing, but how you gather and use it will be critical to your long term success. Keep your database legal with these simple tips and avoid possible POPI prosecution.  

Worried about keeping your database legal? Download our POPI compliance checklist and get started being compliant. 

Download Checklist

Our Latest Blog Post.

Join with our Community

Never miss a post!

Be the first to know about new B2B SaaS Marketing insights to build or refine your marketing function with the tools and knowledge of today’s industry.