Every SME out there should be concerned about the Protection of Personal Information (PoPI) Act and the impact it has on your bottom-line.
All businesses store and process personal information at some point, be it that of employees or customers. PoPI is all about effectively governing the usage and storage of that data.
Most businesses & their people today, require the ability to access that data online whilst working remotely. This creates a huge risk of non-compliance and exploitation.
The reality is that POPI does impact all businesses that have control over, or process any kind of personal information. According to Botha, Eloff, Swart (2015), “Personal information is defined by PoPI as any information relating to an identifiable, living, natural or juristic person”.
Why is PoPI Important to SME’s?
The answer is simple: Brand reputation, business impact, financial and legal consequences.
According to thought leader, Monisha Prem, “It is in your business’ best interest to comply with PoPI as the consequences of non-compliance are severe”. Monisha reports on some startling financial and criminal penalties:
- Civil action for damages
- Fines of up to R10 million
- 12 months to 10 years imprisonment.
This begs the question: What can a SME owner do to circumvent this risk, and better secure the information that resides on its network?
Below is some advice on how you can secure this information & your network by implementing some basic network security elements.
Step 1: Ask & Answer
If PoPI is all about the protection of personal information then answer some questions about that data:
- Where is the data stored?
- Who has access to the data and is access effectively governed?
- What is the data used for?
- Is the usage or processing of the data tracked and controlled?
Once you understand how and when all this data is being used & stored, you can then look at taking the first step in safeguarding your business against the repercussions of non-compliance or security breach.
Step 2: Start at the beginning, its always a good place to start
You need to secure & govern access to all your data. If you have a website, a CRM server, or are keeping any records accessible via the internet, your data integrity and SME is at risk.
By implementing proper data security and access control, you can protect your accountability as a business, and more effectively govern the use of that data.
By showcasing your willingness to comply, you can also increase trust between your business and your customers.
Think about it: I would rather share more information with a company that I can trust to take the proper precautions with my personal data. I would be more inclined to shop online through their e-commerce store, or place my electronic signature on an order or contract.
Some things to consider about first-line protection, are:
- Draft a data security policy that governs storage, processing, and security of personal data. Ensure that the actions mentioned in the policy are measurable
- Store the data on a secured server/s behind some form of firewall
- Implement stricter access control mechanisms for your network
Step 3: Tighten-up your access points
By controlling access to the data, you decrease the risk of exploitation. The best and most effective way to do that, is:
- Train your staff on proper information management. Most security breaches happen due to human vulnerabilities or ignorance
- Implement secure access control mechanisms such as login’s, passwords etc.
- Secure your network – Control access to your network and data by using a firewall.
Related: PoPI: This Changes Everything
Step 4: Invest in Tech. Educate your Assets
Use firewalls to secure your network/s good and proper. Train-up your staff on information security and data management practice, and lock-down your network – one-time-shoe-shine.
An Introduction To COID Registration And The Letter Of Good Standing
Company Partners is a leading COID Registration Service Provider in South Africa. They also assist Companies to obtain a Letter of Good Standing from COIDA.
What is COIDA?
The Compensation for Occupational Injuries and Diseases Act (Act 130 of 1993) replaced the “Workmen’s Compensation Act” (Act No. 30 of 1941), and was amended in 1997.
The Compensation Fund provides compensation for occupational injuries or diseases sustained or contracted by employees in the course and scope of their employment, or their dependents for death resulting from such injuries or disease, and to pay reasonable medical expenses incurred.
Who must register with COID?
According to prescription, anyone who employs one or more part- or full time workers must register with the Compensation Fund and pay annual assessment fees. The Compensation Fund is a trust fund that is controlled by the Compensation Commissioner and employer contributes to the Compensation Fund. The Commissioner is appointed to administer the Fund and approve claims lodge by employees or their dependants.
An employer must register with COID within seven days after the day on which he employs his first employee. An employer must register with the Commissioner by submitting Form W.As.2 with the particulars required therein to the Commissioner.
During COID registration copies of the following documentation should be included:
- the registration certificate from the Register of Companies if they are a company or closed corporation;
- or their ID document, if they are sole owners of the business.
What are assessment fees?
The annual assessment fee is of an employer is based on their employee’s earnings and the risks associated with the type of work or profession. Before 31 March each year, all employers (including contractors) must submit a statement (return) of earnings reflecting amount paid to all their workers from the beginning of March to the end of February.
Assessment tariffs, reviewed annually, are based on the risks related to a particular type of work.
Payment of assessments
- Employers must pay within 30 days of receiving the notice of assessment;
- Employers must apply in writing to settle assessments in installments (not exceeding 12 months);
- 20% of the outstanding balance due is required upfront before instalment arrangements can be applied for;
- Should the instalment fall overdue, the full amount becomes due and payable immediately.
Failure to comply may result in:
- Penalty can be imposed for late submission of ROE (Sect 83(2) – 10%);
- Estimations will be done if no returns (ROE) are submitted (Sect 83(6)(a);
- Penalty on non-payment of assessments (Sect 87(1) – 10%);
- Interest on late payment of assessment (prevailing prime rate);
- Penalty for late reporting of accidents
- A penalty is imposed where an employee meets an accident / death and employer is not registered with the Compensation Fund (not exceeding full compensation payable to the employee (Sect 87(2)(a))
- An employer who fails to comply with a provision of this section shall be guilty of an offence – Sect 81(3)
Contractors and sub-contractors:
- Contractors and sub-contractors must register with the Compensation Fund and pay assessments;
- Failure to comply with the COID Act by the sub-contractor will make the mandatory or main contractor to be responsible for any claims from the sub-contractor’s employees (thus the need for a letter of good standing);
- The contractor may recover any such payments directly from the sub-contractor.
Letter of Good Standing:
The Letter of Good Standing is a certificate issued by the Compensation Fund to verify that a business actually exists, has paid all its statutory dues, has met all filing requirements and, therefore, is authorised to operate.
Conditions when applying for a letter of good standing:
- Employer must be registered with the Fund as per section 80 of the COID Act,
- Employer must have submitted all returns of earnings as per section 82 0f the COID Act,
- Employer must be fully assessed as per section 83 of the COID Act,
- Employer must have paid/ settled all outstanding debt as per section 86 of the COID Act.
- Employers that have entered into an instalment arrangement will only be issued with a letter of good standing on a month‐to‐month basis.
Related: Register A Company In South Africa
What happens if an employee is injured?
The amount of compensation paid to you, depends on how much you were earning when you got injured or diagnosed. If you’ve stopped working by the time a disease is diagnosed, the compensation will be worked out according to what you would’ve been earning.
Types of compensation:
Medical costs: All your medical expenses will be paid for up to 2 years, from the date of the accident or the diagnosis of the disease. You are free to choose a medical service provider you want to consult with. All medical accounts and reports should be submitted to the Commissioner.
Temporary disability: When you’re unable to work or can’t do all your work because of an injury or disease.
All medical expenses are also paid if the medical accounts are submitted to the Commissioner.
You can claim compensation for temporary disability for 1 year. This can be extended to 2 years, after which the Commissioner may decide that the condition is permanent and grant compensation on the basis of permanent disability.
Permanent disability: A permanent disability is an injury or illness that you will never recover from. The seriousness of the disability will determine whether you’ll never be able to work again or whether you’ll find work more difficult. If the disability is more than 30% disability, you will get paid a monthly pension. The size of the pension depends on what your wages were and on the seriousness of the disability. If the disability is 30% or less, you’ll get paid a lump sum. The lump sum payment is a once-off payment.
Death benefits: Burial expenses will be paid and the spouse of the deceased and children under the age of 18 (including illegitimate, adopted and step-children) are entitled to compensation. If a family member that earns money to support the family (breadwinner) is killed by an occupational injury or disease, dependants can claim from the fund.
Established in 2006, Company Partners guarantees that the services they offer meet the standards of the best in the industry. Over 30 full-time Consultants offer services and standards of the highest quality.
How To Stay On The Right Side Of The Law With A Marijuana Business
The verdict is in: It’s not (yet) legal to commercially grow cannabis, but there are multiple business opportunities for home growers that are on the right side of the law.
“The use, possession and cultivation of cannabis outside of a private space, or by, or around, under-age persons, still remains illegal,” says Paul-Michael Keichel, Partner at Schindlers Attorneys. “The caveat to this appears, however, to be that you may carry concealed cannabis in public, if the intention is to only consume it in a private space, away from under-age or non-consenting individuals.”
“What we are seeing is that most of our clients’ focus has been on the cultivation and commercialisation of cannabis itself. What is seemingly being overlooked are the secondary industries that will emerge or benefit from the legalisation of cannabis,” explains Maurice Crespi, Partner at Schindlers Attorneys.
“Take our M&R (medical and recreational) Cannabis Department as an example. Whilst not planned, it has emerged as a key department at Schindlers Attorneys. If cannabis legalisation presents an opportunity for attorneys, it begs the question as to what industry would not be presented with some form of opportunity as a result of its legalisation.
“Transport, courier services, injection moulding, advertising, fashion, accountants, medical, textiles and so on, are now all in a position to exploit the legalisation of cannabis to their benefit. I’m yet to think of an industry that will not be in a position to benefit from the legalisation of cannabis. Even Coca-Cola has found a way,” says Maurice.
Grey areas yet to be resolved
“The question that has been left open, of course, is how and where does one get the cannabis seeds to grow the plants that one is now permitted to cultivate at home, or in private? Must these be shared, or can they be sourced or sold commercially?” says Paul-Michael.
“Until this answer is clear (we’re researching presently), it’s better to err on the side of caution. However, now that the major part of the fight is lost for them, I would be very surprised if Parliament doesn’t start appreciating the massive potential for increased tax revenue that would flow from a formalised and regulated cannabis industry.
“It serves almost everyone’s interests for them to entertain this option, especially because studies show that full legalisation decreases associated harms more than decriminalisation. Consider quality control, de-stigmatisation, elimination of the black market, beneficiation, and the list goes on,” explains Paul-Michael.
“That stated, SAHPRA (www.sahpra.org.za) is entertaining licence applications by growers and distributors for medicinal use of cannabis. The requirements are very tight but, for those able to comply and get licences, the commercial opportunity is almost unquantifiable,” says Paul-Michael.
Innovative Business Solutions And Compliance
Compliance with certification is a strong way to demonstrate that you are managing your business proactively.
As a business owner, you are probably aware of where your business could improve. Sometimes a business owner would like to improve their business but is not sure how to begin. Therefore, it is of the utmost importance to develop an environment which will foster innovation and create key steps to improve your business while simultaneously trying to comply with all of the necessary legalities.
It is important for an entrepreneur to assess their situation first. Most business owners will ask the question why? Why can’t everyone will follow the same steps to success. Every business is different and unique, therefore, before you start making changes within your business, it is a good idea to make sure you have a full understanding of the factors affecting your business success and whether you are complying with necessary legalities.
Compliance may actually improve performance by giving your business a competitive edge. Legal compliance can assist you with improving your customer relations, enhancing your reputation and most importantly avoiding the cost of legal proceedings.
There’s this saying, ‘What gets measured gets improved’ explains Charles Gaudet, founder and CEO of Predictable Profits, a consulting firm that offers advanced marketing techniques to entrepreneurs who are passionate about expanding their small businesses.
Related: Compliance For Entrepreneurs
Here are a few strategies that you can use to make your business more profitable in the future.
Innovative Marketing solutions
For every business owner, marketing is an important tool to improve their businesses. You may think that you are missing an opportunity if you don’t jump right attracting customers with some type of marketing message.
However, as quoted by John Rampton ‘’one of the best things you can do to achieve growth is to slow down and spend time studying the trends.” What does this mean? While rushing into marketing your product you tend to forget certain details, and once it is out in the public its difficult to forget or to undo. Therefore, its very important to research the market and consumer trends before launching anything.
This becomes very important when you consider the potential risk to your business for the infringement of another product, which is confusingly similar to your product. You also do not wish to be guilty of using a similar brand name, slogan or logo as one of your competitors. Therefore, before you set out your personalised solutions when designing ads and directing messages to consumers ensure you are not infringing on anyone else’s rights as this will likely lead to expensive legal costs for your business.
Compliance Breeds Confidence
It is important to remember that clients are concerned whether suppliers are properly compliant. Compliance with certification is a strong way to demonstrate that you are managing your business proactively and that the money a customer will spend i.t.o. buying your goods or services, is in safe hands. Conversely a failure in compliance can, as well as exposing you to the risk of regulatory sanctions, severely damage your business’ credibility.
For example, in the financial services industry there is an increasing requirement to demonstrate strong security to both external auditors and prospective customers.
With regulation that you feel is of no value, determine how to satisfy the requirements with the minimum effort necessary. Do, however, double check that you are not missing out on a benefit that may be rewarding for your business.
In conclusion, it is important to note when improving your business one always need to act in accordance with the correct laws and procedures. Therefore, if a company is embracing the difficult task of being compliant, I recommend using this as a competitive weapon to improve your business. It just might end up making you and your team better which is usually rewarded with more business.