POPIA and corporate communications

Ronelle BesterInsightLeave a Comment


The deadline for compliance with the Protection of Personal Information Act (POPIA) comes into effect on the 1st of July 2021. Communications professionals are now faced with a new challenge. They must retain contact databases and reach out to existing customers and broader markets. And all of this must be done within the confines of the Act.

What does it all mean?

For communications departments within enterprises, and for their agencies, POPIA challenges old models for communicating with markets.

Once, databases could be bought and compiled from many sources. And, targets could be approached for multiple campaigns.  Now, POPIA puts an end to the practice of bought and shared databases with no consent from contacts.

Previously, organisations had only to offer audiences the opportunity to opt out from direct marketing messages. Things are different now. Instead, businesses will need audiences to opt in.

For marketers, this impacts refer-a-friend campaigns. But, it does offer the advantage that those who have opted in are actually interested in the organisation’s products and services.

The valuable media lists that organisations and agencies hold will have to get checked. And, journalists will have to consent before you contact them. In Business-to-Business marketing, POPIA applies too. If contacts are personally identifiable through their names, email addresses and personal phone numbers, then POPIA will affect them.

Organisations wanting to alert existing customers to new products and services must secure their consent to do so. Bear in mind that if you do not get consent, asking again would contravene the act.

Even with the consent of all the people in your database, marketers and communications professionals will have to take extra measures to secure that data. They will also have to ensure that everyone involved in gathering, processing and storing the data is similarly secure and compliant. In addition, organisations must make sure that their data practices are transparent.

Marketers and communications professionals will also have to ensure that it’s easy for those on their databases to unsubscribe to communications at any time.

The path ahead

Red Ribbon client KnowBe4 Africa believes staff training is crucial for underpinning all enterprise security and compliance. This is because people make up one of the most important pillars of your overall data protection & cyber security strategy.

Anna Collard, SVP Content Strategy and Evangelist at KnowBe4 Africa, notes that: “people frequently cause data breaches through error, and less seldom by malicious intent. Working from home has made people even more susceptible to social engineering attacks, due to the added distractions and complexities of this new environment.”

Collard’s advice is that organisations ensure that training and policies are made easily digestible and simple enough for all staff members to understand. The training and policies should also be supported by tools that enable staff to do what’s expected from them. (i.e. Companies should implement password managers, multi factor authentication, and simple report this “phishing email” button.)

If your organisation finds itself concerned that communications models are not fully compliant, then you should partner with a marketing and communications agency such as Red Ribbon. We have invested heavily in becoming fully POPIA compliant. We have also put effort into understanding the correct procedures for internal and external communications, B2B marketing and direct marketing.


Leave a Reply

Your email address will not be published. Required fields are marked *