POPIA: Processing employees' personal information and consent

Jan 17, 2021
Employers who have been thinking about updating the consent clauses in their employment contracts for the purposes of POPIA, should consider this carefully. It might be that your new clause ends up being invalid, if corresponding principles from the GDPR are applied similarly in South Africa.  
Processing of personal information is only lawful if it complies with the eight conditions specified in POPIA.          
In terms of the condition of "processing limitation", the following applies:

The processing of personal information must take place in a 'reasonable manner that does not unnecessarily infringe on the privacy of the data subject (s9).

Minimality - only the minimum amount of personal information that is necessary ('adequate, relevant and not excessive') for the purpose for which the information is needed, should be collected and processed (s10) 

Section 11 – Personal information may only be processed on one...
Continue Reading...

Breaching company procedures and dishonesty in the workplace

Dec 17, 2020


The Labour appeal Court confirmed a number of important principles around misconduct and workplace discipline in the case of Pick ’n Pay Retailers (Pty) Ltd v JAMAFO obo Maluleke and others (2020) 29 LAC.  

The employee was a trainer of cashiers. She and a colleague were gifted boxes of chocolates by a customer of the store, which she did not declare and then attempted to exchange for cash. In doing so, she breached a number of company protocols and policies (which she had been well aware of as the trainer) and when she could not succeed, tried to reverse the transactions to try and cover up her activities - involving names and passwords of other employees. She was dismissed by the company on the basis of breaching company policies and attempted fraud, despite her service of 24 years and clean disciplinary record.

The employee did not deny what she had done, but tried to justify her actions by saying that she had not wanted to siphon money from the store, but just...

Continue Reading...

Managing Workplace Discipline - do so timeously

Nov 18, 2020


An employee is pushing the boundaries. You get complaints about performance and client service. You call him/her in, express your discontent and tell them to do better. This happens a few times, but you just do not get around to formalising these little chats (who has the time, and who needs the conflict?). Then something happens that gets the attention of senior management / the Board / social media..........and all eyes are on you to address this issue once and for all. What do you do?

Famously, in our experience, a disciplinary hearing is called. This latest incident is taken and dissected to see how many of the boxes in the company's disciplinary code can be ticked in order to formulate as many charges as possible from this one incident - because this was now the last straw and the pressure is on to dismiss the employee.

So, the bulked-up disciplinary charges for the hearing include added charges like dereliction of duties; bringing the company's name into disrepute; and...

Continue Reading...

POPIA and collecting personal information during the recruitment process

Oct 26, 2020


Employers and recruitment agencies as a general practice ask for a job applicant’s current (or past) payslip when they apply for a new position. This has always been a contentious issue, but most job applicants disclose it if a prospective employer insists upon it, for fear of been side-lined if they challenge this request.

With the advent of POPIA, it seems that the shoe will be on the other foot, since such information constitutes personal information and at a minimum, the eight conditions for lawful processing must be complied with by the employer as the responsible party if it wishes to collect and use this information of a job applicant as the data subject.

The eight processing principles / conditions include –

  • minimality or processing limitation (only processing what is really necessary and relevant) and based on one or more of six lawful grounds;
  • for a stated purpose (purpose specification) that is based on and relevant to the legitimate activities of the...
Continue Reading...

POPIA and the Information Officer

Oct 18, 2020


In South Africa, the Information Officer (IO) is the person within an organisation (as the responsible party) who is responsible for compliance with PAIA (Promotion of Access to Information Act) and now also POPIA.

Who is the Information Officer?

This position is automatically assigned to the head of the organisation (such as the CEO, or a partner, or a sole proprietor in the private sector), who will be the Information Officer by default. There is however provision for designating and officially appointing someone in this position and for the appointment of Deputy Information officers to whom such powers and responsibilities can be delegated. The accountability however will remain with the Head of the organisation, regardless of a delegation of responsibilities.

It is also interesting to note that, different from the GDPR, POPIA does not make provision for the outsourcing of this position – i.e. appointing or contracting an external Information Officer. The position of...

Continue Reading...

POPIA - The Responsible Party and the Operator

Oct 14, 2020


Many organisations use agencies / consultants / service providers for a range of activities – which in all likelihood include the processing of personal information and/or special personal information. Think about recruitment agencies, IT service providers, security providers, payroll management, marketing agencies, external auditors – to name just a few. These would, for the purposes of POPIA, be regarded as third-party operators and YOU have to ensure that they comply with the Act when they process personal information on your behalf.

The Responsible Party under POPIA is a public or private body or any other person who, alone or in conjunction with others, determines the purpose of and means for the processing of personal information in their possession.

An Operator is the person (or entity) doing the actual processing.

The responsibilities, rights and obligations of operators are not the same as those of responsible parties. However, the distinction...

Continue Reading...

When employees refuse to attend meetings

Oct 04, 2020


There is a disturbing trend that seems to be raising its head in workplaces these days – employees who are called to meetings by their managers (or HR) and then simply….. well…… refuse to attend. Or demanding a detailed agenda for the meeting before considering whether to attend. Or objecting to other attendees to the meeting. Or…….

Not to put too fine a point on it, but this would typically be justified by some perceived infringement of their rights, should they attend said meeting – and hence pre-empting and avoiding the expected unfair treatment by not attending. This especially happens when the subject matter pertains to matters about the employee personally – such as performance or conduct issues.

A recent example of such a scenario was the matter of Gold One Limited v Madalani and Others (JR 1109/15) [2020] ZALCJHB 180 (9 September 2020), where the employee went so far as to resign and claim constructive dismissal,...

Continue Reading...

Data protection and using Emails

Sep 26, 2020


A large proportion of an organisations’ IP typically resides in email. Email is also the main mechanism for a host of cyber-attacks, including malware, phishing and social engineering.

POPIA compliance and data protection in relation to the use of emails, relate to technology as well as how the system is used.

On the one hand it is crucial to ensure email data security and data leak prevention solutions are put into place.

In addition, users (such as employees) should be educated in terms of meeting POPIA requirements when they send, forward or reply to emails; and also how they react upon receiving them.

Developing a compliant email strategy requires an organisation to firstly identify and map the process of email data flow as well as the various components. Then, it needs to demonstrate that this data is protected and controlled and that the organisation is aware of all of the data touch points and storage points and who has access to it.


People / Users


Continue Reading...

Changes in terms and conditions of employment

Sep 20, 2020
When and how can an employer change the terms and conditions of employment of its employees? 

Many employees (and employers) are of the view that once an employee has a signed contract of employment, that is it - it can never be changed. Many employers believe that while they can change their contract 'templates' for new employees going forward, that of existing employees cannot be altered. Inevitably, they then end up with an HR landscape that is next to impossible to navigate - no uniformity, historical differences, unequal treatment and the like.
Sometimes changes in terms and conditions are however necessary to ensure the survival of the organisation, or simply to become more competitive or efficient.

So - what is an employer to do? Unfortunately, many employers have regarded the current Covid-19 situation as a "free pass" to try and effect such changes and as a result, went about it all wrong - for example implementing unilateral reductions in remuneration by...
Continue Reading...

Retrenchments - Forfeiting severance pay

Sep 16, 2020


When will an employer be exempt from having to pay severance pay to a retrenched employee?

It is trite law that an employee may forfeit his/her claim to severance pay if he/she unreasonably refuses an offer of alternative employment in an attempt by the employer to avoid his /her retrenchment (section 41 of the BCEA). This provision incentivises an employer to provide alternative employment, but it also aims to limit job losses as a result of retrenchment processes.

But who decides when it is a reasonable alternative offer, or an unreasonable refusal of the offer by the employee?

The Labour Appeal Court considered this in a recent case where the affected employee (57) who worked in the employer's Port Elizabeth office where retrenchments were contemplated, had been offered an alternative position in the East London office. The employee refused the offer without providing any reasons.

The employer than revised the offer by increasing the...

Continue Reading...
1 2 3 4

50% Complete

Sign up for our mailing list

Be the first to know about new developments, training, news and special offers