This is our final blog post of the series on the Protection of Personal Information (PoPI) Act and how it will affect insurers.
PoPI’s arrival is going to bring a significant level of protection to individuals and organisations in South Africa with regard to how their personal information is stored, retained, and utilised. The cumulative effect of PoPI, in conjunction with other legislation, will give individuals significant control of how their personal information is used.
The challenge for insurers is twofold. Firstly, to adapt existing insurance systems, processes, and governance policies to comply with the legislation. Secondly, to endeavour to use PoPI to better engage with customers.
Whilst PoPI is naturally the main focus for South African insurers, they may have to consider what additional work is required to be compliant with GDPR. In this context, GDPR applies if a South African insurer operates within the EU domain and when personal information is transferred to, or from, the EU (for instance, processing the data of an EU member state citizen or temporary resident). Additional requirements, such as the privacy impact assessment, tougher data consent rules, and quicker breach reporting, all have to be catered to. Also, the prospect of significantly higher penalties for non-compliance with GDPR cannot be ignored.
PoPI is now a reality and the year grace period for market compliance is underway and will affect South Africa’s public and private sectors. For South African insurers, it makes sense to be as well prepared as possible for PoPI, but also to try to maximise any potential new business opportunities that arise.
In our view, a modern PAS and a digital insurance software suite are the recommended route for insurers looking to not only be fully compliant with PoPI and GDPR, but also to provide a unique customer experience and operate with greater efficiency.
Read more about Sapiens’ core insurance software.