Businesses need to ensure their website is POPIA compliant because the Protection of Personal Information Act and the General Data Protection Regulation (GDPR) are having a massive impact on website development and other digital platforms like social media, email marketing, and e-commerce activities.
All digital businesses were meant to have their website POPIA compliant by July 1st, 2021. However, we understand that not every business owner has had the time, nor the knowledge to make this change happen. Therefore, we hope to guide you in the right direction with this article and provide a solution for you.
POPIA and GDPR are data privacy laws that affect all business websites that collect data. The regulations are there to protect the online privacy of visitors. The law vets how personal data is used and extracted when users visit and interact with a website.
Keep reading to find out how to get your website POPIA compliant, why, and what to look out for.
Get Your Website POPIA Compliant Today
We encourage business owners to build their knowledge and learn how the Act affects websites as well as the potential consequences of non-compliance. Any business operating in South Africa is legally obliged to comply with the regulations contained in the act.
Regardless of where your website is based if you process personal information, it is time to get your website POPIA compliant.
Why Get Your Website POPIA Compliant?
All websites collect loads of information daily, especially if your website uses analytics, opt-in forms, WordPress forms, or email marketing. All these forms are collecting personal information which means it is essential for businesses to obtain consent from visitors to collect and process their personal information.
If you do not get consent from your visitors, then you do not have permission to share this information with your marketing team. The website POPIA compliant policy exists to protect people against data breaches.
And, if you want to avoid massive fines and lawsuits, businesses need to comply by informing users about the data that their website collects.
What Is POPIA All About?
South Africa’s Protection of Personal Information Act are new laws that regulate the Processing of Personal Information. “Personal Information” broadly refers to any information relating to an identifiable, living natural person or juristic person (companies, or CCs).
This includes, but is not limited to:
- Contact information: email, phone, address.
- Demographic: age, sex, race, birth date, ethnicity.
- History: employment, financial, educational, criminal, medical history.
- Biometric: blood type.
- Opinions of and about the person.
- Private correspondence.
- Online identifiers to get your website POPIA compliant include email addresses, IP addresses, cookies, unique identifiers, search and browser history, and location data.
Failure to get your website POPIA compliant with the new regulations could result in a maximum of 10 years in prison or being charged with an R10 million fine by the Information Regulator.
7 Interesting Aspects About Your Website
- To get your website POPIA compliant, businesses must explicitly disclose if they are collecting personal data.
- Websites must inform visitors about why, how, and where they store and process their personal data.
- Visitors may request a copy of the personal data collected from companies.
- Visitors may request to have their personal data erased.
- Businesses must report serious breaches within 72 hours.
At Midnight Monkey, our team will help you to review all data collection points on your website. To get your website POPIA compliant, we might review the registration page, IP addresses, the checkout page, and other analytics.
It is essential to cover all these areas and to obtain consent to collect information.
1. WordPress
To get a website POPIA compliant, we can assist in updating it with the latest version of WordPress which has built-in privacy and compliance features. Just updating WordPress, can ensure a higher level of compliance. New key features of WordPress include explicit consent, new data erasure, export features, and a policy generator.
Originally, WordPress stored data to ensure people did not need to retype their personal information when making a new comment. Now, people must click a checkbox to ensure their personal data is stored and reused.
The data export and erase feature enable businesses to easily export a user’s information into a .zip file or completely erase it from the database. This feature helps simplify managing visitors’ personal information for website POPIA compliant laws.
WordPress also offers a privacy policy template that enables you to create an information page for visitors to view what data is stored and how the business manages it.
2. WooCommerce
Website POPIA compliant laws are easily followed by using WooCommerce which also offers built-in tools to manage user privacy. We can enable the options for personal data retention, data erasure, and a privacy policy. It is now easy to add the necessary information and disclosure to a WooCommerce privacy policy, especially related to shopping and payment security.
3. Contact Forms
All website POPIA compliant businesses must notify visitors that your website will collect their personal information when they complete any contact forms including registration forms and opt-in forms. To do this, we can easily create a tick box to accept the terms of service.
4. Cookies
Rule number one, every business with website POPIA compliant laws must inform visitors that they are collecting cookies.
5. Notifications
Businesses following website POPIA compliant rules must inform visitors about any policy updates or data breaches which can be done via email.
6. Google Analytics
Google Analytics and Google AdWords are third-party services that must be managed correctly by anonymising the data before storing and processing it.
To get a website POPIA compliant can be complicated but there are POPIA and GDPR compliant plugins available, that can automatically connect Google Analytics to your website which makes data anonymisation easy.
7. Online Payments
E-Commerce businesses generally use a payment gateway. However, your website may be collecting personal data before passing it onto the payment gateway. If so, website POPIA compliant regulations require you to remove any personal information after a reasonable period.
We Can Get You Started!
Privacy is essential and when implemented correctly, website POPIA compliant regulations do benefit business owners as much as their users. Privacy protection laws enable businesses to understand consumer behaviour. This helps improve their marketing and meets the rights of consumers to have their privacy protected. However, every business is unique which is why Midnight Monkey can assist in compiling a Privacy Policy Template for you to use to create your own Privacy Policy.
Read More
Web Design Funnel Pages Will Promote Super High Conversions And Sales In 2022.