POPI on the horizon – the do’s and don’ts of direct marketing

“I operate a cash loan business and in order to attract new clients we hand out flyers and send SMS’s and e-mails to individuals whose contact details we obtained from a third party. Will I be able to market my services to potential clients once POPI comes into operation?”

Direct marketing practices are considered to be a legitimate business interest for many businesses worldwide and are used primarily for attracting new clients. There are, however, certain do’s and don’ts when it comes to direct marketing practices in South Africa, which are currently regulated by the Consumer Protection Act 68 of 2008 (“CPA”) and the Electronic Communications and Transactions Act 25 of 2002 (“ECTA”).

Whether a business may legitimately engage in direct marketing practices in South Africa essentially comes down to the type of consent that is required from consumers to conduct these practices. Consumers may choose to either participate in direct marketing (“opting-in”) or to cease their participation in such activities (“opting-out”).

In terms of the CPA direct marketers may market their products and services to consumers until they choose to opt-out. Therefore, the permission of consumers is not required for a business to contact consumers telephonically, send e-mails and/or SMS’s. The ECTA, however, requires marketers to inform consumers of their right to opt-out of these communications. In the event that a consumer opts-out and does not wish to be contacted again, the CPA obliges marketers to acknowledge that the consumer has opted-out and keep a record in order to ensure that the person is not contacted again.

The Protection of Personal Information Act 4 of 2013 (“POPI”), which aims to protect the privacy of consumers and their personal information, has been signed into law, but is not yet fully in operation. POPI will alter the legal position in relation to direct marketing practices in South Africa, as it will repeal the sections of the ECTA relating to direct marketing and both the CPA and POPI will apply to the various facets of direct marketing. 

POPI will apply to all direct marketing that takes place by electronic means, which includes communication by way of automated calling machines, facsimile machines, SMS or e-mail. However, POPI will not apply to direct marketing that takes place by non-electronic means, such as by registered post, the handing out of flyers and telephone calls etc. which will still be governed by the CPA.

POPI distinguishes between existing customers and new customers when considering the requirement to obtain consent for direct marketing practices. As a general rule, opt-out consent will be required for existing customers while opt-in consent will be required for new or prospective customers.

Therefore the position in relation to your direct marketing practices will be as follows once POPI comes into operation:

The handing out of flyers will be governed by the CPA and you will be entiled to distribute these to consumers until a potential client elects not to receive them again, at which point you will have to keep a record of the consumer’s refusal and refrain from contacting them again.This position will also apply to telephone calls and communication via post or in person. 
Sending SMS’s, e-mails and other electronic communication to potential clients will require these persons to first consent to these communications being sent as required by POPI, before you may contact them.

If your business engages in direct marketing practices that makes use of electronic communications, it may be necessary to approach a legal specialist to assist you with the drafting of proper consent forms, notices, privacy policies and e-mail banners, in order to ensure that your direct marketing practices are in line with POPI.

May 8, 2017
International: Privacy by Design – prioritizing security in business

International: Privacy by Design – prioritizing security in business

In today’s current digital space, safeguarding privacy and ensuring that your business is compliant with the various cyber laws and data privacy regulations is crucial to ensure that business operations are well protected. In this article, PR de Wet and Mishka Cassim, from VDT Attorneys Inc., seek to address some of the most important issues companies face and need to consider on a global scale when addressing privacy concerns.

South Africa: POPIA and prior authorisation to process personal information

South Africa: POPIA and prior authorisation to process personal information

The Protection of Personal Information Act, 2013 (Act 4 of 2013) (‘POPIA’) requires a responsible party to apply for and obtain authorisation prior to processing certain identified categories of personal information. With POPIA compliance deadlines fast approaching PR de Wet and Hayley Levey, from VDT Attorneys Inc, analyse the POPIA prior authorisation regime.

Sign up to our newsletter

Pin It on Pinterest