POPIA and GDPR
As a global software solution with data located at multiple locations across the world, Saleboat recognises the importance of protecting data and complying with jurisdictional data laws. These laws include but are not limited to POPIA and GDPR.
Please note that Saleboat is not providing legal advice, and we advise our clients to consult with their own independent legal counsel for any information related to compliance with POPIA, GDPR or other legislation in your region.
What is POPIA
The South African Protection of Personal Information Act (POPIA) is a comprehensive data protection and privacy legislation enacted in South Africa. POPIA aims to regulate the processing of personal information in a manner that respects individuals' privacy rights while promoting responsible and secure data handling practices by organisations. It establishes guidelines and principles for the lawful and transparent collection, storage, processing, and sharing of personal information, requiring organisations to obtain consent for data processing, protect data against breaches, and grant individuals certain rights over their personal information. POPIA also imposes obligations on businesses to implement appropriate security measures and to notify authorities and affected individuals in the event of data breaches. Compliance with POPIA is essential for organisations operating in South Africa to ensure the privacy and protection of individuals' personal data.
A responsible party
a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information
a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party
information relating to an identifiable, living, natural person and, where applicable, to an identifiable, existing juristic person
the person to whom personal information relates
What is GDPR
GDPR is designed to safeguard the privacy and personal data of EU residents and applies not only to organisations based in the EU but also to any entity worldwide that processes the personal data of individuals within the EU. GDPR is a comprehensive framework that enhances individuals' privacy rights, increases transparency, and places significant responsibilities on organisations to handle personal data with care and in compliance with the law. It has had a far-reaching impact on data protection and privacy practices globally, setting a high standard for data protection regulations worldwide.
Which laws apply to Saleboat
POPIA only applies where either the responsible party is domiciled in South Africa or is using means in South Africa. GDPR applies where the responsible party is domiciled in the European Union or storing data for European Union citizens. If you fall within the definition of a responsible party, and Saleboat contains a data subject’s personal information then POPIA or GDPR will likely apply.
Personal information might be stored in obvious locations, such as fields identified by the personal data label like name and address, or personal information may be stored in less obvious locations, for example as unstructured data such as comments, notes, custom fields, or file attachments. As a responsible party, the client (you) determine what personal information you will store within the system and where you store it.
As an operator, Saleboat has taken steps to secure personal information that is stored or input into the system.
The conditions for lawful processing of information
POPIA provides for eight conditions for the lawful processing of personal information including:
The responsible party must ensure that the conditions and all the measures set out in the Act that give effect to such conditions, are complied with at the time of determining the purpose and means of the processing.
Both the client and Saleboat have responsibilities with regards to the protection of personal information and must comply with the act in its entirety.
2. Purpose specification
Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject.
The responsible person in this case is the client, any personal information added to Saleboat must have been gathered with the consent of the data subject
3. Processing limitation
Personal information may only be processed for specific, explicitly defined and legitimate reasons.
The client should only store personal information in Saleboat for the specific purpose that the information was collected for and for which permission has been given.
4. Further processing limitation
Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose.
E.g. If the information was provided with the purpose of selling a specific product or service, it could not be used for marketing a different product or service.
5. Information quality
The responsible party must take reasonable steps to ensure that the personal information collected is complete, accurate, not misleading and updated where necessary.
Personal information should not misrepresent the individual or entity.
The data subject whose information you are collecting must be aware that you are collecting such personal information and for what purpose the information will be used.
Reasons for collecting personal data must be specified and simple to understand.
7. Security safeguards
Personal information must be kept secure against the risk of loss, unlawful access, interference, modification, unauthorised destruction and disclosure.
This is the primary condition where Saleboat is the responsible party. Security measures are in place to keep personal information secure. The Client maintains responsibility for keeping their user accounts secure.
8. Data subject participation.
Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information held about them.
There must be defined processes whereby users can refuse the collection of personal data and personal data can be removed or corrected as needed.
Do you need consent to store data in Saleboat?
You need consent to store and communicate with an individual whose information is stored in Saleboat. It’s a good idea to inform people that you are storing their data and how you will use it, then get their permission to use their data. People may also request that their data is deleted and you must comply with their request.
Saleboat provides the tools you need to remain compliant and we are consistently improving our service to make it simpler to go out and make sales.
What is consent?
Someone handing over a business card or giving you an email address to enter a competition is not sufficient. The user has to explicitly consent to how their information is used. Be sure to let people know how you are storing their information and how you intend to use it.What
What is positive Opt-in?
You cannot ask a person if they want to opt out of you using their data for whatever you like. The person has to specifically opt-in to you using their data for a specific purpose. You can’t contact a person under the assumption that they’ll tell you if they don’t want to communicate with you anymore.
Can I Buy Lists of Leads? / 3rd Party Consent
A person has to consent to a specific organisation using their data. That means contacting someone based on a list you bought, even if the person who you bought the list from had permission to sell it to you (which is unlikely), is not allowed. Just don’t do it.
Who does the law apply to?
GDPR is in effect for all members of the European Union. Any person or company conducting business or making products or services available to persons within the EU must comply to the law. It does not apply outside the EU. POPIA applies in South Africa. Many other countries do have their own privacy and data laws in place.
Where does Saleboat store information?
The data of European citizens must remain in the EU. Don’t worry, at Saleboat we store all our European user data in Europe. We consistently work on improving our security and doing our best to make sure any data you store on Saleboat stays safe.