A simple Get to know me section on Instagram or TikTok poses a serious security risk as it aligns with common security questions used…
Failure to comply can result in up to 10 years’ imprisonment and R10-million in fines
CM.com is a global leader in developing cloud software to enable conversational commerce. The platform empowers external marketing, sales and customer support teams to efficiently engage with their customers across multiple mobile channels, and automate these conversations. As the platform stores and integrates customer data, it is critical that CM.com, and other companies like it, comply with the act when it comes to processing and protecting personal information.
CM.com’s role in POPIA compliance
Webber Wentzel guided the best practices and procedures necessary for alignment with the requirements of POPIA. James Bayhack, Director for Sub-Saharan Africa at CM.com, explained what this means for customers, “With the work that the teams have put in to ensure compliance, CM.com customers can have peace of mind that important information is managed correctly and that the platform’s features and functionality will help them stay on the right side of the law.”
This partnership has geared CM.com’s processes, systems, and platform towards ensuring POPIA compliance. CM.com also provides customers with the tools and features they need to remain compliant, simplifying POPIA’s complex requirements. For instance, CM.com provides functionality that allows individuals to opt into communications and helps businesses further segment and manage these permissions according to specified preferences.
Peter Grealy, a partner at Webber Wentzel, added, “CM.com has demonstrated that it is serious about properly implementing the requirements of POPIA on its platform. After going through Webber Wentzel’s targeted compliance programme, CM.com can assure its clients that its processes, systems and platform are geared towards ensuring POPIA compliance.”
The implications of POPIA for businesses
The law came into effect from 1 July 2020, with a 12-month grace period to give companies time to comply. This means that any business that receives and processes any form of personal information from individuals needs to be POPIA compliant from 1 July 2021. Compliance is complex; companies must ensure that they have explicit consent before they can process or use personal data, and even then, they can only use the data in an agreed-upon manner. If individuals give companies their data, companies can only use the information provided for its intended purpose, and they are obliged to update or remove this information if an individual asks them to. This makes managing ‘opt-in’ and ‘opt-out’ confirmations essential.
The information must be stored and protected correctly to prevent unauthorised access. Businesses must install effective systems that make it easy to identify where this information is stored, how it is processed, who has access to it and what it will be used for. Failure to comply with these regulations comes with significant penalties – up to 10 years’ imprisonment and R10-million in fines.
If you are still unsure that your business is correctly managing personal information, please contact CM.com for further information.
Featured image: Franck on Unsplash