As of July 1st 2021, the provisions of the Protection of Personal Information (POPI) Act take effect in South Africa.
The POPI Act aims to protect the personal information of South African people and businesses by regulating how companies handle their client data. This means that small, medium and large businesses within SA need to be aware of its implications.
The POPI Act is, by default, closely connected to email marketing, not only because individuals’ personal details are collected, but also because a person’s email address falls under the provisions of the Act.
But what else constitutes personal data and what does POPI have to do with email marketing? Let’s discuss how the POPI Act impacts your email marketing.
How POPI impacts email marketing
The POPI Act builds upon existing data protection laws such as PAIA (the Promotion of Access to Information Act) and ECTA (Electronic Communications and Transactions Act) making them even more applicable to the digital age. And with so much more online business activity, the reach of the POPI Act is far greater than before. This privacy law affects companies operating in South Africa as well as businesses that store and process personal information on a South African citizen. But what exactly constitutes personal information?
Below is a list of the information governed by POPI that you’re likely using in your direct marketing, which includes, but is not limited to:
- Gender
- Age
- Religion
- Culture
- Language
- Email address
- Telephone number
- Physical address and location
- Personal opinions, views or preferences
This means that the most commonly utilised data in email marketing is going to fall under the provisions of POPI, meaning that you, as a marketer, need to pay careful attention to the processing of this data.
When we take into account the sheer number of personalised emails that marketers send out every day, it becomes clear why the POPI has such a strong effect on email marketing. But what can marketers do to comply with the provisions of POPI?
Make sure of client opt-in
One of the biggest questions regarding email marketing and POPI is whether you can keep sending marketing emails to your existing subscribers. This includes people added to your lists before POPI takes effect. The good news is you can still send emails to these contacts!
There is no explicit need for obtaining new consent, but as of 1 July 2021, the Act states that all data subjects need to have provided consent after the first communication, or you will need to stop communicating with them if this consent is not obtained. So, you need to begin asking for consent to collect client or prospective client details as soon as possible.
How to gain consent?
Before POPI, marketers could send emails to pretty much anyone that had filled out a web enquiry form or a pop-up. This will no longer be the case as all new contacts will now have to explicitly permit you to send them marketing emails. You can no longer hide your communication policy in your privacy policy or have pre-ticked opt-in forms either. New subscribers must explicitly take an action opt-in to your newsletter or database if you want to be able to keep marketing to them.
You will also need to be specific about the channels you’re using to send marketing communication (e.g., email, SMS, cookies, etc.)
Dealing with opt-outs
This may sound obvious, but you need to make it easy for users to unsubscribe from your newsletters or mailing lists.
The Act requires you to include an unsubscribe link in your emails. These links should be clearly visible, and the process should be as straightforward as possible. When a user clicks on the unsubscribe link, they should be able to quickly remove themselves from your list. Lastly, it is recommended you should delete all the personal data you have on them. This is done to protect them, and you, in the event of a data breach. Our suggestion is to only keep the client info you need, for as long as you need it, and no longer.
