POPIA compliance is part of the new normal for operating in the South African market. At BulkSMS.com, we have made every effort as a data processor to ensure we are POPIA compliance ready so that we can bolster your data protection efforts and help you comply with SMS industry regulations.
While POPIA has been around for a while, it is only implemented from 1 July 2021
POPIA was first enacted in 2013 as South Africa’s move to align with the Europe Union’s data protection regulations (which predated the 2016 General Data Protection Regulations (EU GDPR) which came into force in 2018). The Regulations relating to the Protection of Personal Information were then published in 2018.
On the 24 March 2021, the Information Regulator (South Africa) put out a media release announcing that it was 100 days until South African organisations need to be POPIA compliant by 1 July 2021. From this date the full implementation and enforcement of the Protection of Personal information Act (POPIA) will be in effect.
This will mean that all private and public bodies will need to ensure that their processing of personal information (also referred to as personal data) conforms to POPIA.
What we have been doing to become POPIA compliance ready?
At BulkSMS.com we have reviewed our organisational and technical measures to ensure that we are POPIA compliance ready. We have built on our existing GDPR compliance readiness put in place in early 2018. A year ago, we initiated a data privacy management programme to manage our data protection compliance obligations, including attending to POPIA compliance.
Among the steps taken by BulkSMS.com to date, and in recognition of the role that data protection plays in the global economy and to support our data protection compliance efforts, we have appointed a Privacy Officer to manage the data privacy management programme. As our privacy champion, the Privacy Officer acts as the company’s Deputy Information Officer, works closely with our client services, business operations and technology teams to implement data privacy policies, processes and practices and runs our staff awareness training programme.
POPIA compliance and the SMS industry
POPIA compliance obligations for SMS messaging are already baked into the regulations governing the industry. The SMS industry in South African is regulated by the Wireless Application Service Providers’ Association (WASPA), an industry member body. BulkSMS.com is a long-standing member of WASPA and abides by the WASPA Code of Conduct that governs its members’ SMS messaging practices.
POPIA places obligations on business and non-profit organisations to gain consent when sending SMS messages to their contacts. Specifically, POPIA requires an opt-in regime for consumers to receive direct marketing SMS messages. Direct marketing is covered by section 16 of the WASPA Code of Conduct, stipulating, among the provisions in this section, that a consumer can opt-out from direct marketing by replying STOP to an SMS message or can register their mobile phone number with the WASPA Do Not Contact Registry to pre-emptively block any direct marketing messages.
How does BulkSMS.com help your POPIA compliance efforts?
BulkSMS.com enables you to comply with the WASPA Code for Conduct requirements for direct marketing in the following ways to helps you comply with the requirements of managing consent for POPIA purposes:
- We have a STOP reply facility in place to enable opt-outs from SMS messaging. When a contact on your list replies STOP to a message they have received, the BulkSMS platform automatically blocks that contact’s mobile phone number for your account. This means that you will not be able to send further messages to the contact. Note: the STOP reply facility works for all SMS messages that you send to your list of contacts.
- We have a WASPA DNC Registry look-up system that places a block on direct marketing messages for a number registered with the WASPA DNC Registry. We have put in place the ability for you to whitelist your account if you are not sending direct marketing messages. For more information on this whitelisting facility see our FAQs page here.
- We have also compiled a refresher on SMS best practices to help with industry compliance, available here. This guide includes topics that address the distinction between transactional and promotional messages, opt-in consent for messaging, make use of opt-out instructions in your messages, adhering to data protection regulations for the collecting, processing and storing the personal data relating to your SMS campaigns.
For more information about the STOP reply facility or the WASPA DNC Registry look-up system, please email our Support Desk at firstname.lastname@example.org
In terms of ensuring POPIA compliance within a client-supplier relationship and provide you with data privacy assurances as a trusted SMS messaging provider, we have implemented – and continue to improve on – our organisational and technical measures to safeguard your and your contacts personal information processed by BulkSMS to deliver your SMS messaging services.
For more information about our POPIA compliance readiness efforts, or to request a Data Processing Addendum to govern our business relationship regarding the processing of personal information, please contact our Privacy Officer at email@example.com.