SlideShare a Scribd company logo

Saying "I Don't": the requirement of data subject consent for purposes of data processing and marketing - Ina Meiring, Werksmans Attorneys

Werksmans Attorneys
Werksmans Attorneys
BusinessTechnology
1 of 27
Saying ‘I Don’t’: The requirement of data subject consent for purposes of data processing and marketing Ina Meiring
PURPOSE To promote the protection of personal information processed by public and private bodies; to introduce [information protection principles] certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information [Protection] Regulator; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic.
DEFINITIONS "data subject" means the person to whom personal information relates; "processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including— (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
DEFINITIONS "responsible party" means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information POPI applies to the processing of personal information - entered in a record by or for a responsible party by making use of automated or non-automated means: Provided that when the recorded personal information is processed by non- automated means, it forms part of a filing system or is intended to form part thereof; and where the responsible party is— domiciled in the Republic; or not domiciled in the Republic, but makes use of automated or non-automated means that are situated in the Republic, unless those means are used only to transfer personal information through the Republic.
PERSONAL INFORMATION "personal information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to— (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
PERSONAL INFORMATION … (d) the blood type or any other biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
CONDITIONS FOR LAWFUL PROCESSING (8 PRINCIPLES) Principle 1: Accountability The responsible party must ensure that the [principles] conditions and all the measures that give effect to [the principles] such conditions, are complied with.
PROCESSING LIMITATION (2) Lawful, minimal (adequate, relevant and not excessive) Only if – the data subject consents to the processing; processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party; processing complies with an obligation imposed by law on the responsible party; processing protects a legitimate interest of the data subject; processing is necessary for the proper performance of a public law duty by a public body; or processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
PROCESSING LIMITATION (2) Personal information must be collected directly from the data subject, unless - the information is public; the data subject has consented to the collection of the information from another source; collection of the information from another source would not prejudice a legitimate interest of the data subject; collection of the information from another source is necessary— to avoid prejudice to the maintenance of the law by any public body; to comply with an obligation imposed by law; for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated; in the [legitimate] interests of national security; or to maintain the legitimate interests of the responsible party or of a third party to whom the information is supplied; compliance would prejudice a lawful purpose of the collection; or compliance is not reasonably practicable in the circumstances of the particular case.
PURPOSE SPECIFICATION (3) Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party. Steps must be taken to ensure that the data subject is aware of the purpose of the collection of the information Records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless— (a) retention of the record is required or authorised by law; (b) the responsible party reasonably requires the record for lawful purposes related to its functions or activities; (c) retention of the record is required by a contract between the parties thereto; or (d) the data subject has consented to the retention of the record.
FURTHER PROCESSING LIMITATION (4) Further processing of personal information must be in accordance or compatible with the purpose for which it was collected To assess whether further processing is compatible with the purpose of collection, the responsible party must take account of— the relationship between the purpose of the intended further processing and the purpose for which the information has been collected; the nature of the information concerned; the consequences of the intended further processing for the data subject; the manner in which the information has been collected; and any contractual rights and obligations between the parties.
INFORMATION QUALITY (5) The responsible party must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary. In taking the steps referred to the responsible party must have regard to the purpose for which personal information is collected or further processed.
OPENNESS(6) Must notify the Regulator The responsible party must take reasonably practicable steps to ensure that the data subject is aware of— the information being collected; the name and address of the responsible party; the purpose ; whether or not the supply of the information by that data subject is voluntary or mandatory; the consequences of failure to provide the information; any particular law authorising requiring the collection of the information; and further information such as the— recipient or category of recipients of the information; nature or category of the information; and existence of the right of access to and the right to rectify the information collected, which is necessary, having regard to the specific circumstances in which the information is or is not to be processed, to enable processing in respect of the data subject to be reasonable.
OPENNESS(6) The steps must be taken— if the personal information is collected directly from the data subject, before the information is collected, unless the data subject is already aware of the information referred to in that subsection; or in any other case, before the information is collected or as soon as reasonably practicable after it has been collected.
OPENNESS(6) It is not necessary for a responsible party to take the steps required if— the data subject has provided consent; non-compliance would not prejudice the legitimate interests of the data subject; non-compliance is necessary— to avoid prejudice to the maintenance of the law by any public body ;to enforce a law imposing a pecuniary penalty; to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997 (Act No. 34 of 1997);for the conduct of proceedings in any court or tribunal that have been commenced or are reasonably contemplated; or in the interests of national security; compliance would prejudice a lawful purpose of the collection; compliance is not reasonably practicable in the circumstances of the particular case; or the information will not be used in a form in which the data subject may be identified; or be used for historical, statistical or research purposes.
SECURITY SAFEGUARDS (7) A responsible party must secure the integrity of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent— loss of, damage to or unauthorised destruction of personal information; and unlawful access to or processing of personal information.
SECURITY SAFEGUARDS (7) The responsible party must take reasonable measures to— identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control; establish and maintain appropriate safeguards against the risks identified; regularly verify that the safeguards are effectively implemented; and ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards. The responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.
Operators A responsible party must ensure that an operator which processes personal information for the responsible party establishes and maintains security measures (a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party) The processing of personal information by an operator on must be governed by a written contract between the operator and the responsible party, which requires the operator to establish and maintain confidentiality and security measures to ensure the integrity of the personal information. If the operator is not domiciled in the Republic, the responsible party must take reasonably practicable steps to ensure that the operator complies with the laws, if any, relating to the protection of personal information of the territory in which the operator is domiciled.
Notification of security compromises Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party, or any third party processing personal information under the authority of a responsible party, must notify the— Regulator; and data subject, unless the identity of such data subject cannot be established.
DATA SUBJECT PARTICIPATION (8) A data subject has the right to— request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject; and request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information— (i) within a reasonable time; (ii) at a prescribed fee, if any; (iii) in a reasonable manner and format; and (iv) in a form that is generally understandable.
DATA SUBJECT PARTICIPATION (8) A data subject may request a responsible party to— correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of personal information about the data subject that the responsible party is no longer authorised to retain. A responsible party must— (a) correct the information; or (b) destroy or delete the information
UNSOLICITED ELECTRONIC COMMUNICATION The processing of personal information for the purpose of direct marketing by means of any form of electronic communication is prohibited unless the data subject has given consent to the processing, or is a customer of the responsible party. A responsible party may approach the data subject (not the customer) once in order to obtain the consent. “Consent” means any voluntary, specific and informed expression of will in terms of which a data subject agrees to the processing of personal information relating to him or her. Opt-in provisions are arguably more protective of a data subject’s rights than opt-out provisions. Responsible parties should make use of both options to make sure that the data subject understands and knows what he or she is consenting and objecting to.
UNSOLICITED ELECTRONIC COMMUNICATION If a customer, may process – if the responsible party has obtained the contact details of the data subject in the context of the sale of a product or service; for the purpose of direct marketing of the responsible party’s own similar products or services; and if the data subject has been given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details— at the time when the information was collected; and on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use.
UNSOLICITED ELECTRONIC COMMUNICATION Any communication for the purpose of direct marketing must contain— details of the identity of the sender or the person on whose behalf the communication has been sent; and an address or other contact details to which the recipient may send a request that such communications cease.
NON-COMPLIANCE Any person may submit a complaint to the Regulator Investigate Act as conciliator/secure a settlement Refer to a regulatory body Enforcement notice Right of appeal (High Court) Civil remedies: damages, aggravated damages, interest and legal costs.
OFFENCES Failure to comply with enforcement notice False statements by witnesses Penalties: fines and imprisonment Administrative fine (R1 million)
THANK YOU Ina Meiring March 2012 Nothing in this presentation should be construed as formal legal advice from any lawyer or this firm. Readers are advised to consult professional legal advisors for guidance on legislation which may affect their businesses. © 2011 Werksmans Incorporated trading as Werksmans Attorneys. All rights reserved.

Recommended

Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Werksmans Attorneys
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
Werksmans Attorneys
 
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Werksmans Attorneys
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
Yizi
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinar
Lesedi Mnisi
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popi
Werksmans Attorneys
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentation
Kholisile Mazaza
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
Robert MacLean
 

Recommended

Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Werksmans Attorneys
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
Werksmans Attorneys
 
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...Documents, documents and more documents - is it time to spring clean? - Ahmor...
Documents, documents and more documents - is it time to spring clean? - Ahmor...
Werksmans Attorneys
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
Yizi
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinar
Lesedi Mnisi
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popi
Werksmans Attorneys
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentation
Kholisile Mazaza
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
Robert MacLean
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
Jason Haislmaier
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk
- Mark - Fullbright
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
POPI
POPI POPI
POPI
POPI ACT Protection of Personal Info
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
blogzilla
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711
Quotient Consulting
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
legalPadmin
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
Myron Duncan Burton Betshanger
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
MSC Malaysia Cybercentre @ Bangsar South City
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
Francois Naude Jr.
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
Elizabeth Baker, JD, CRCMP
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCM
Myron Duncan Burton Betshanger
 
CEU DPA
CEU DPACEU DPA
CEU DPA
BERBERGRACEMARJORIE
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Jay Castillo
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Financial Poise
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
Benjamin Ang
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A Presentation
Endcode_org
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
Russell_Kennedy
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
Kittelson & Carpo Consulting
 
General Data Protection Regulation or GDPR
General Data Protection Regulation or GDPRGeneral Data Protection Regulation or GDPR
General Data Protection Regulation or GDPR
Nupur Samaddar
 

More Related Content

What's hot

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711
Quotient Consulting
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Financial Poise
 

What's hot (20)

Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
POPI
POPI POPI
POPI
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCM
 
CEU DPA
CEU DPACEU DPA
CEU DPA
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A Presentation
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 

Similar to Saying "I Don't": the requirement of data subject consent for purposes of data processing and marketing - Ina Meiring, Werksmans Attorneys

Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection Law
FatmaAkram2
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data Protection
EquiGov Institute
 

Similar to Saying "I Don't": the requirement of data subject consent for purposes of data processing and marketing - Ina Meiring, Werksmans Attorneys (20)

Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentation
 
General Data Protection Regulation or GDPR
General Data Protection Regulation or GDPRGeneral Data Protection Regulation or GDPR
General Data Protection Regulation or GDPR
 
Data Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptxData Privacy Act of 2012.pptx
Data Privacy Act of 2012.pptx
 
GDPR compliance process and maturity/readiness assessment checklist
GDPR compliance process and maturity/readiness assessment checklistGDPR compliance process and maturity/readiness assessment checklist
GDPR compliance process and maturity/readiness assessment checklist
 
Data privacy act
Data privacy actData privacy act
Data privacy act
 
Data Privacy Act.pdf
Data Privacy Act.pdfData Privacy Act.pdf
Data Privacy Act.pdf
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptxDATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
 
Data privacy act of 2012.pdf
Data privacy act of 2012.pdfData privacy act of 2012.pdf
Data privacy act of 2012.pdf
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection Law
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data Protection
 
Esc gdpr oct 2018
Esc gdpr oct 2018Esc gdpr oct 2018
Esc gdpr oct 2018
 
China-PIPL.pdf
China-PIPL.pdfChina-PIPL.pdf
China-PIPL.pdf
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 20122019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
 
Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal Information
 
Data protection
Data protectionData protection
Data protection
 
Hexagon presentation light.pptx
Hexagon presentation light.pptxHexagon presentation light.pptx
Hexagon presentation light.pptx
 
Privacy Discusssion GM667 Saint Mary's University of MN
Privacy Discusssion GM667 Saint Mary's University of MNPrivacy Discusssion GM667 Saint Mary's University of MN
Privacy Discusssion GM667 Saint Mary's University of MN
 
Group 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxGroup 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptx
 

More from Werksmans Attorneys

More from Werksmans Attorneys (20)

Labour employment seminar 2016
Labour employment seminar 2016Labour employment seminar 2016
Labour employment seminar 2016
 
Reaching the summit - addressing the land question seminar
Reaching the summit - addressing the land question seminar Reaching the summit - addressing the land question seminar
Reaching the summit - addressing the land question seminar
 
Collusive tendering
Collusive tenderingCollusive tendering
Collusive tendering
 
Jbcc - out with the old
Jbcc - out with the oldJbcc - out with the old
Jbcc - out with the old
 
Developing sexuality and sexual health policies in the disability sector
Developing sexuality and sexual health policies in the disability sector Developing sexuality and sexual health policies in the disability sector
Developing sexuality and sexual health policies in the disability sector
 
Recent developments in mining legislation and case law: Director Chris Stevens
Recent developments in mining legislation and case law: Director Chris StevensRecent developments in mining legislation and case law: Director Chris Stevens
Recent developments in mining legislation and case law: Director Chris Stevens
 
Business rescue: Saving distressed companies (Director Eric Levenstein and Se...
Business rescue: Saving distressed companies (Director Eric Levenstein and Se...Business rescue: Saving distressed companies (Director Eric Levenstein and Se...
Business rescue: Saving distressed companies (Director Eric Levenstein and Se...
 
Business rescue in mining: Peter van den Steen (VSquared)
Business rescue in mining: Peter van den Steen (VSquared)Business rescue in mining: Peter van den Steen (VSquared)
Business rescue in mining: Peter van den Steen (VSquared)
 
Environmental regulation of prospecting, exploration, mining and production: ...
Environmental regulation of prospecting, exploration, mining and production: ...Environmental regulation of prospecting, exploration, mining and production: ...
Environmental regulation of prospecting, exploration, mining and production: ...
 
CONSTRUCTION AND ENGINEERING LAW: THE INTERPRETATION AND APPLICATION OF DEMAN...
CONSTRUCTION AND ENGINEERING LAW: THE INTERPRETATION AND APPLICATION OF DEMAN...CONSTRUCTION AND ENGINEERING LAW: THE INTERPRETATION AND APPLICATION OF DEMAN...
CONSTRUCTION AND ENGINEERING LAW: THE INTERPRETATION AND APPLICATION OF DEMAN...
 
TYPES OF CONSTRUCTION AND ENGINEERING GUARANTEES:
TYPES OF CONSTRUCTION AND ENGINEERING GUARANTEES:TYPES OF CONSTRUCTION AND ENGINEERING GUARANTEES:
TYPES OF CONSTRUCTION AND ENGINEERING GUARANTEES:
 
WHEN GOOD CONSTRUCTION CONTRACTS GO BAD
WHEN GOOD CONSTRUCTION CONTRACTS GO BAD WHEN GOOD CONSTRUCTION CONTRACTS GO BAD
WHEN GOOD CONSTRUCTION CONTRACTS GO BAD
 
The Future of Section 197 in South Africa: Bradley Workman-Davies
The Future of Section 197 in South Africa: Bradley Workman-DaviesThe Future of Section 197 in South Africa: Bradley Workman-Davies
The Future of Section 197 in South Africa: Bradley Workman-Davies
 
The Employment Equity Amendment Act: Anastasia Vatalidis
The Employment Equity Amendment Act: Anastasia VatalidisThe Employment Equity Amendment Act: Anastasia Vatalidis
The Employment Equity Amendment Act: Anastasia Vatalidis
 
Controlling Strike Violence: Advocate Anton Myburgh SC
Controlling Strike Violence: Advocate Anton Myburgh SCControlling Strike Violence: Advocate Anton Myburgh SC
Controlling Strike Violence: Advocate Anton Myburgh SC
 
BBBEE Presentation Cape Town Seminar 29 August 2014
BBBEE Presentation Cape Town Seminar 29 August 2014BBBEE Presentation Cape Town Seminar 29 August 2014
BBBEE Presentation Cape Town Seminar 29 August 2014
 
VSquXred Business Rescue presentation
VSquXred Business Rescue presentation VSquXred Business Rescue presentation
VSquXred Business Rescue presentation
 
Foreign & local investment opportunities in South Africa offered by the busin...
Foreign & local investment opportunities in South Africa offered by the busin...Foreign & local investment opportunities in South Africa offered by the busin...
Foreign & local investment opportunities in South Africa offered by the busin...
 
Foreign & local investment opportunities in South Africa offered by the busin...
Foreign & local investment opportunities in South Africa offered by the busin...Foreign & local investment opportunities in South Africa offered by the busin...
Foreign & local investment opportunities in South Africa offered by the busin...
 
Healthcare and the Consumer Protection Act 68 of 2008 - Ahmore Burger-Smidt
Healthcare and the Consumer Protection Act 68 of 2008 - Ahmore Burger-SmidtHealthcare and the Consumer Protection Act 68 of 2008 - Ahmore Burger-Smidt
Healthcare and the Consumer Protection Act 68 of 2008 - Ahmore Burger-Smidt
 

Recently uploaded

Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
gargpaaro
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
ZurliaSoop
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
pr788182
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
instagramfab782445
 

Recently uploaded (20)

Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
Lucknow Housewife Escorts by Sexy Bhabhi Service 8250092165
 
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdfTVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
TVB_The Vietnam Believer Newsletter_May 6th, 2024_ENVol. 006.pdf
 
BeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdfBeMetals Investor Presentation_May 3, 2024.pdf
BeMetals Investor Presentation_May 3, 2024.pdf
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Buy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail AccountsBuy gmail accounts.pdf buy Old Gmail Accounts
Buy gmail accounts.pdf buy Old Gmail Accounts
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Falcon Invoice Discounting: Aviate Your Cash Flow Challenges
Falcon Invoice Discounting: Aviate Your Cash Flow ChallengesFalcon Invoice Discounting: Aviate Your Cash Flow Challenges
Falcon Invoice Discounting: Aviate Your Cash Flow Challenges
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Rice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna ExportsRice Manufacturers in India | Shree Krishna Exports
Rice Manufacturers in India | Shree Krishna Exports
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAIGetting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
Getting Real with AI - Columbus DAW - May 2024 - Nick Woo from AlignAI
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan CytotecJual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
Jual Obat Aborsi ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan Cytotec
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
New 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck TemplateNew 2024 Cannabis Edibles Investor Pitch Deck Template
New 2024 Cannabis Edibles Investor Pitch Deck Template
 
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGParadip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Paradip CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in OmanMifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
Mifepristone Available in Muscat +918761049707^^ €€ Buy Abortion Pills in Oman
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 

Saying "I Don't": the requirement of data subject consent for purposes of data processing and marketing - Ina Meiring, Werksmans Attorneys

  • 1. Saying ‘I Don’t’: The requirement of data subject consent for purposes of data processing and marketing Ina Meiring
  • 2. PURPOSE To promote the protection of personal information processed by public and private bodies; to introduce [information protection principles] certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information [Protection] Regulator; to provide for the issuing of codes of conduct; to provide for the rights of persons regarding unsolicited electronic communications and automated decision making; to regulate the flow of personal information across the borders of the Republic.
  • 3. DEFINITIONS "data subject" means the person to whom personal information relates; "processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including— (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
  • 4. DEFINITIONS "responsible party" means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information POPI applies to the processing of personal information - entered in a record by or for a responsible party by making use of automated or non-automated means: Provided that when the recorded personal information is processed by non- automated means, it forms part of a filing system or is intended to form part thereof; and where the responsible party is— domiciled in the Republic; or not domiciled in the Republic, but makes use of automated or non-automated means that are situated in the Republic, unless those means are used only to transfer personal information through the Republic.
  • 5. PERSONAL INFORMATION "personal information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to— (a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person; (b) information relating to the education or the medical, financial, criminal or employment history of the person; (c) any identifying number, symbol, e-mail address, physical address, telephone number or other particular assignment to the person;
  • 6. PERSONAL INFORMATION … (d) the blood type or any other biometric information of the person; (e) the personal opinions, views or preferences of the person; (f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence; (g) the views or opinions of another individual about the person; and (h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person.
  • 7. CONDITIONS FOR LAWFUL PROCESSING (8 PRINCIPLES) Principle 1: Accountability The responsible party must ensure that the [principles] conditions and all the measures that give effect to [the principles] such conditions, are complied with.
  • 8. PROCESSING LIMITATION (2) Lawful, minimal (adequate, relevant and not excessive) Only if – the data subject consents to the processing; processing is necessary to carry out actions for the conclusion or performance of a contract to which the data subject is party; processing complies with an obligation imposed by law on the responsible party; processing protects a legitimate interest of the data subject; processing is necessary for the proper performance of a public law duty by a public body; or processing is necessary for pursuing the legitimate interests of the responsible party or of a third party to whom the information is supplied.
  • 9. PROCESSING LIMITATION (2) Personal information must be collected directly from the data subject, unless - the information is public; the data subject has consented to the collection of the information from another source; collection of the information from another source would not prejudice a legitimate interest of the data subject; collection of the information from another source is necessary— to avoid prejudice to the maintenance of the law by any public body; to comply with an obligation imposed by law; for the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated; in the [legitimate] interests of national security; or to maintain the legitimate interests of the responsible party or of a third party to whom the information is supplied; compliance would prejudice a lawful purpose of the collection; or compliance is not reasonably practicable in the circumstances of the particular case.
  • 10. PURPOSE SPECIFICATION (3) Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party. Steps must be taken to ensure that the data subject is aware of the purpose of the collection of the information Records of personal information must not be retained any longer than is necessary for achieving the purpose for which the information was collected or subsequently processed, unless— (a) retention of the record is required or authorised by law; (b) the responsible party reasonably requires the record for lawful purposes related to its functions or activities; (c) retention of the record is required by a contract between the parties thereto; or (d) the data subject has consented to the retention of the record.
  • 11. FURTHER PROCESSING LIMITATION (4) Further processing of personal information must be in accordance or compatible with the purpose for which it was collected To assess whether further processing is compatible with the purpose of collection, the responsible party must take account of— the relationship between the purpose of the intended further processing and the purpose for which the information has been collected; the nature of the information concerned; the consequences of the intended further processing for the data subject; the manner in which the information has been collected; and any contractual rights and obligations between the parties.
  • 12. INFORMATION QUALITY (5) The responsible party must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary. In taking the steps referred to the responsible party must have regard to the purpose for which personal information is collected or further processed.
  • 13. OPENNESS(6) Must notify the Regulator The responsible party must take reasonably practicable steps to ensure that the data subject is aware of— the information being collected; the name and address of the responsible party; the purpose ; whether or not the supply of the information by that data subject is voluntary or mandatory; the consequences of failure to provide the information; any particular law authorising requiring the collection of the information; and further information such as the— recipient or category of recipients of the information; nature or category of the information; and existence of the right of access to and the right to rectify the information collected, which is necessary, having regard to the specific circumstances in which the information is or is not to be processed, to enable processing in respect of the data subject to be reasonable.
  • 14. OPENNESS(6) The steps must be taken— if the personal information is collected directly from the data subject, before the information is collected, unless the data subject is already aware of the information referred to in that subsection; or in any other case, before the information is collected or as soon as reasonably practicable after it has been collected.
  • 15. OPENNESS(6) It is not necessary for a responsible party to take the steps required if— the data subject has provided consent; non-compliance would not prejudice the legitimate interests of the data subject; non-compliance is necessary— to avoid prejudice to the maintenance of the law by any public body ;to enforce a law imposing a pecuniary penalty; to enforce legislation concerning the collection of revenue as defined in section 1 of the South African Revenue Service Act, 1997 (Act No. 34 of 1997);for the conduct of proceedings in any court or tribunal that have been commenced or are reasonably contemplated; or in the interests of national security; compliance would prejudice a lawful purpose of the collection; compliance is not reasonably practicable in the circumstances of the particular case; or the information will not be used in a form in which the data subject may be identified; or be used for historical, statistical or research purposes.
  • 16. SECURITY SAFEGUARDS (7) A responsible party must secure the integrity of personal information in its possession or under its control by taking appropriate, reasonable technical and organisational measures to prevent— loss of, damage to or unauthorised destruction of personal information; and unlawful access to or processing of personal information.
  • 17. SECURITY SAFEGUARDS (7) The responsible party must take reasonable measures to— identify all reasonably foreseeable internal and external risks to personal information in its possession or under its control; establish and maintain appropriate safeguards against the risks identified; regularly verify that the safeguards are effectively implemented; and ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards. The responsible party must have due regard to generally accepted information security practices and procedures which may apply to it generally or be required in terms of specific industry or professional rules and regulations.
  • 18. Operators A responsible party must ensure that an operator which processes personal information for the responsible party establishes and maintains security measures (a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party) The processing of personal information by an operator on must be governed by a written contract between the operator and the responsible party, which requires the operator to establish and maintain confidentiality and security measures to ensure the integrity of the personal information. If the operator is not domiciled in the Republic, the responsible party must take reasonably practicable steps to ensure that the operator complies with the laws, if any, relating to the protection of personal information of the territory in which the operator is domiciled.
  • 19. Notification of security compromises Where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorised person, the responsible party, or any third party processing personal information under the authority of a responsible party, must notify the— Regulator; and data subject, unless the identity of such data subject cannot be established.
  • 20. DATA SUBJECT PARTICIPATION (8) A data subject has the right to— request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject; and request from a responsible party the record or a description of the personal information about the data subject held by the responsible party, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information— (i) within a reasonable time; (ii) at a prescribed fee, if any; (iii) in a reasonable manner and format; and (iv) in a form that is generally understandable.
  • 21. DATA SUBJECT PARTICIPATION (8) A data subject may request a responsible party to— correct or delete personal information about the data subject in its possession or under its control that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully; or destroy or delete a record of personal information about the data subject that the responsible party is no longer authorised to retain. A responsible party must— (a) correct the information; or (b) destroy or delete the information
  • 22. UNSOLICITED ELECTRONIC COMMUNICATION The processing of personal information for the purpose of direct marketing by means of any form of electronic communication is prohibited unless the data subject has given consent to the processing, or is a customer of the responsible party. A responsible party may approach the data subject (not the customer) once in order to obtain the consent. “Consent” means any voluntary, specific and informed expression of will in terms of which a data subject agrees to the processing of personal information relating to him or her. Opt-in provisions are arguably more protective of a data subject’s rights than opt-out provisions. Responsible parties should make use of both options to make sure that the data subject understands and knows what he or she is consenting and objecting to.
  • 23. UNSOLICITED ELECTRONIC COMMUNICATION If a customer, may process – if the responsible party has obtained the contact details of the data subject in the context of the sale of a product or service; for the purpose of direct marketing of the responsible party’s own similar products or services; and if the data subject has been given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details— at the time when the information was collected; and on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use.
  • 24. UNSOLICITED ELECTRONIC COMMUNICATION Any communication for the purpose of direct marketing must contain— details of the identity of the sender or the person on whose behalf the communication has been sent; and an address or other contact details to which the recipient may send a request that such communications cease.
  • 25. NON-COMPLIANCE Any person may submit a complaint to the Regulator Investigate Act as conciliator/secure a settlement Refer to a regulatory body Enforcement notice Right of appeal (High Court) Civil remedies: damages, aggravated damages, interest and legal costs.
  • 26. OFFENCES Failure to comply with enforcement notice False statements by witnesses Penalties: fines and imprisonment Administrative fine (R1 million)
  • 27. THANK YOU Ina Meiring March 2012 Nothing in this presentation should be construed as formal legal advice from any lawyer or this firm. Readers are advised to consult professional legal advisors for guidance on legislation which may affect their businesses. © 2011 Werksmans Incorporated trading as Werksmans Attorneys. All rights reserved.