Data Protection, Privacy and POPIA

Data Protection, Privacy and POPIA

Data is the fuel of our business. It is in our mutual interest that we ensure a secure and safe environment for data shared by our participants, as well as for intellectual property shared by our clients. With the compliance deadline for South Africa’s Protection of Personal Information Act (POPIA) set for 1 July, I hope this article reassures you of our approach to data protection and privacy at InSites Consulting South Africa.

We take security seriously, and we are aware that safe data processing is crucial for your business. We follow industry standards (ISO27001) and international regulations (GDPR, CCPA, CSL, POPIA), and we have a dedicated data security team assessing and improving our standards continually.

Data is our fuel, and as such we strive to act as an example of how to handle it with care.

Aligning POPIA with GDPR

Since 28 May 2018, InSites Consulting has been compliant with the General Data Protection Regulations (GDPR). Having compared POPIA to GDPR, we are confident that POPIA does not add new requirements to our Information Security Management System or our Customer Relationship Management (CRM) and marketing processes.

To clarify our key obligations:

  • We follow all the relevant data protection legislations to all individuals, irrespective of location;
  • We have a Data Protection Officer based in Belgium who is officially registered with supervisory authorities in the EU;
  • We separate direct and indirect Personally Identifiable Information (PII) when processing data for research;
  • We have a Data Processing Agreement in place, and we follow all controller and processor regulations;
  • We always notify data subjects of any risk of breach within 72 hours (to date we have never had to report a breach to a supervisory authority);
  • We ensure that data subjects worldwide benefit from all rights mentioned in the GDPR, which supersedes the demands of the POPIA.


Responsible marketing

We currently store and process data in Microsoft Dynamics 365 CRM, and follow guidance from the GDPR and POPIA in this. We will only use your data to carry out our services, unless:

  1. There is a legitimate interest in contacting you, such as an issue of business (dis)continuity;
  2. You have given prior consent to receive marketing communications.

If you have given consent for us to store and process your data for marketing, you will receive our monthly newsletter, which features our latest inspirational content. You can revoke your consent from such communications at any time.

If you have any questions relating to this article, please get in touch.

Get on top of it.

Looking for the latest marketing (research) news and trends to shape the future of your brand?

You might also be interested in

SITEisfaction 2021

SITEisfaction 2021 – Capitec wins Best Digital Bank

Launched in 2012, the SITEisfaction® report is our annual measure of customer satisfaction with digital banking services in South Africa. SITEisfaction® 2021 insights include internet banking, mobile banking, the threat of fraud, and changes in banking behaviour during the ongoing lockdown in South Africa.

Reporting 10% year-on-year growth

Reporting 10% year-on-year growth

After embarking on a successful acquisition strategy with six agencies joining forces in the last three years, we can proudly report a 10% organic growth rate over the last 12 months, despite the global COVID-19 pandemic.

Ensuring business continuity in COVID-19 times

As a digital-first agency we have been adopting habits and building best-in-class systems to offer 24/7 support to businesses across the globe since our inauguration at the end of the ‘90s. But these days, it is good to make the implicit explicit, to ensure our research participants, our partners, our clients and our stakeholders that we remain 100% operational.