The POPI Act and marketing best practices

By Sián Fields, Intellectual Property and Technology Law Consultant at Reynolds Attorneys

Being a small business in this operating environment is not an easy feat. It is little wonder then that a business owner may try anything to generate new business, whether that is going online and starting an eCommerce store, offering great deals and sales, or putting their marketing into overdrive.

However, while the latter is important, especially as businesses have been advised against going dark (i.e. reducing their advertising) during tough times, it has to be done with extreme caution what with POPIA (the Protection of Personal Information Act).

“The Act does not offer special treatment to small businesses who do not comply with its rules. Understanding how to procure and use personal information for marketing purposes is essential – or else business owners could be liable for contravening the Act and will need to ensure compliance,” says Sián Fields, Intellectual Property and Technology Law Consultant from Reynolds Attorneys.

- Advertisement -

What then does this mean for SMEs who need to reach new prospects to keep their business going?

Newsletters: For starters, the days of sending newsletters out to everyone and sundry, in an effort to gain new customers is over. This form of marketing has been the choice of many SMEs as it’s relatively inexpensive to do, and can achieve good results. From the implementation of the Act however, newsletters cannot be sent to anyone, without their consent. “This will need to take the form of express and explicit consent to receive electronic direct marketing. Someone following you on social, signing up for a competition online or in-store would not qualify. Consent will be a necessity going forward,” advises Fields.

Cookies: We are also facing a cookie-less future both under the Act and across the world, as the protection of personal information becomes increasingly pertinent. A cookie is a text file that contains small pieces of data – like a username and password. They are used to identify a consumer’s computer as they use a computer network. Cookies are responsible for all that “how did they know I am interested in that product?” online marketing that is experienced on a daily basis. Going forward, this invasive marketing will no longer be allowed without express consent, and consumers will need to give their permission when receiving marketing content.

“Marketing is certainly having to shape up and the old days of spamming people with unsolicited information will be well and truly over. While this is a win for the consumer, it does make life harder for SMEs to generate new leads,” says Fields.

She advises these 9 tips for best practices that SMEs need to consider before they market under the new Act:

  1. Ask whether the personal information you collect about people is really needed. Avoid asking consumers to login, register or provide personal details unless you need to use them. You can however request this if someone makes an enquiry or wants to do business with you.
  2. SMEs must make their intentions of acquiring their information very clear, and explain why it is being collected and what it will be used for. Communicating this on your website is highly recommended.
  3. You are required by law to ensure your customers’ data is secure. As such, ask your IT support on how to encrypt information and only allow those staff who are trained to keep it secure and looked after to access it.
  4. When using a third party, such as someone who manages your newsletters, give them a written contract to sign to ensure that they too will ensure that your customers’ prospects’ information is safe at all times.
  5. If you do use a customer’s information to send them marketing information such as a newsletter, SMEs must be aware of the rules under POPIA. The Information Regulator publishes guidance notes for understanding provisions of POPIA.
  6. Your website might be used by other brands to market their products or services. So while you’re not legally responsible for this content, consumers may think otherwise. As such, it’s wise to have proper procedures in place if a customer lays a complaint about a particular ad.
  7. If you don’t need the information that has been collected, then securely get rid of it.
  8. Consumers have a right to ask if any of their information is being used for marketing purposes. As such ensure that all staff know how to deal with a ‘subject access request’.
  9. To add to the previous point, make it easy for consumers to check their information that you hold. Do so by allowing them to update or correct any of their records if they are outdated or wrong.

“SMEs must ensure that they are familiar with POPIA, train their staff where necessary and ensure that all personal information is safe and secure,” concludes Fields.

- Advertisement -

Being a small business in this operating environment is not an easy feat. It is little wonder then that a business owner may try anything to generate new business, whether that is going online and starting an eCommerce store, offering great deals and sales, or putting their marketing into overdrive.

However, while the latter is important, especially as businesses have been advised against going dark (i.e. reducing their advertising) during tough times, it has to be done with extreme caution what with POPIA (the Protection of Personal Information Act).

“The Act does not offer special treatment to small businesses who do not comply with its rules. Understanding how to procure and use personal information for marketing purposes is essential – or else business owners could be liable for contravening the Act and will need to ensure compliance,” says Sián Fields, Intellectual Property and Technology Law Consultant from Reynolds Attorneys.

- Advertisement -

What then does this mean for SMEs who need to reach new prospects to keep their business going?

Newsletters: For starters, the days of sending newsletters out to everyone and sundry, in an effort to gain new customers is over. This form of marketing has been the choice of many SMEs as it’s relatively inexpensive to do, and can achieve good results. From the implementation of the Act however, newsletters cannot be sent to anyone, without their consent. “This will need to take the form of express and explicit consent to receive electronic direct marketing. Someone following you on social, signing up for a competition online or in-store would not qualify. Consent will be a necessity going forward,” advises Fields.

Cookies: We are also facing a cookie-less future both under the Act and across the world, as the protection of personal information becomes increasingly pertinent. A cookie is a text file that contains small pieces of data – like a username and password. They are used to identify a consumer’s computer as they use a computer network. Cookies are responsible for all that “how did they know I am interested in that product?” online marketing that is experienced on a daily basis. Going forward, this invasive marketing will no longer be allowed without express consent, and consumers will need to give their permission when receiving marketing content.

“Marketing is certainly having to shape up and the old days of spamming people with unsolicited information will be well and truly over. While this is a win for the consumer, it does make life harder for SMEs to generate new leads,” says Fields.

She advises these 9 tips for best practices that SMEs need to consider before they market under the new Act:

  1. Ask whether the personal information you collect about people is really needed. Avoid asking consumers to login, register or provide personal details unless you need to use them. You can however request this if someone makes an enquiry or wants to do business with you.
  2. SMEs must make their intentions of acquiring their information very clear, and explain why it is being collected and what it will be used for. Communicating this on your website is highly recommended.
  3. You are required by law to ensure your customers’ data is secure. As such, ask your IT support on how to encrypt information and only allow those staff who are trained to keep it secure and looked after to access it.
  4. When using a third party, such as someone who manages your newsletters, give them a written contract to sign to ensure that they too will ensure that your customers’ prospects’ information is safe at all times.
  5. If you do use a customer’s information to send them marketing information such as a newsletter, SMEs must be aware of the rules under POPIA. The Information Regulator publishes guidance notes for understanding provisions of POPIA.
  6. Your website might be used by other brands to market their products or services. So while you’re not legally responsible for this content, consumers may think otherwise. As such, it’s wise to have proper procedures in place if a customer lays a complaint about a particular ad.
  7. If you don’t need the information that has been collected, then securely get rid of it.
  8. Consumers have a right to ask if any of their information is being used for marketing purposes. As such ensure that all staff know how to deal with a ‘subject access request’.
  9. To add to the previous point, make it easy for consumers to check their information that you hold. Do so by allowing them to update or correct any of their records if they are outdated or wrong.

“SMEs must ensure that they are familiar with POPIA, train their staff where necessary and ensure that all personal information is safe and secure,” concludes Fields.

- Advertisement -

Must Read

Latest Articles