As a global leader in developing cloud software to enable conversational commerce, CM.com empowers external marketing, sales, and customer support teams to efficiently engage with their customers across multiple mobile channels, but also automate these conversations. As the platform stores and integrates customer data, it is critical that CM.com, and other companies like it, comply with the act when it comes to processing and protecting personal information.
CM.com has partnered with Webber Wentzel, who has provided guidance on the best practices and procedures necessary for alignment with the requirements of POPIA. James Bayhack, Director for Sub-Saharan Africa at CM.com, explained what this means for customers, “With the work that the teams have put in to ensure compliance, CM.com customers can have peace of mind that important information is managed correctly, and that the platform’s features and functionality will help them stay on the right side of the law.”
Peter Grealy, a partner at Webber Wentzel, added, “CM.com has demonstrated that it is serious about properly implementing the requirements of POPIA on its platform. After going through Webber Wentzel’s targeted compliance programme, CM.com is able to assure its clients that its processes, systems and platform are geared towards ensuring POPIA compliance.”
The Implications of POPIA for Businesses
Although POPIA has been delayed several times, the law came into effect from 1 July 2020, with a 12-month grace period to give companies time to comply. This means that any business that receives and processes any form of personal information from individuals needs to be POPIA compliant from 1 July 2021. Compliance is a complex matter, but in essence, companies must ensure that they have explicit consent before they can process or use personal data, and even then, they can only use the data in an agreed-upon manner. If individuals give companies their data, companies can only use the information provided for its intended purpose, and they are obliged to update or remove this information if an individual asks them to. This makes managing ‘opt-in’ and ‘opt-out’ confirmations essential.
The information obtained from consenting individuals must also be properly stored and protected to prevent unauthorised access to this information. There needs to be a system in place that makes it easy to identify where this information is stored, how it is processed, who has access to it, and what it will be used for. Failure to comply with these regulations comes with significant penalties – up to 10 years’ imprisonment and R10 million fines – so it’s critical that companies take them seriously.
CM.com’s Role in POPIA Compliance
Through their work with Webber Wentzel, CM.com can confidently say that their processes, systems, and platform are geared towards ensuring POPIA compliance. CM.com also provides customers with the tools and features they need to remain compliant, simplifying POPIA’s complex requirements. For instance, CM.com provides functionality that allows individuals to opt in to communications and helps businesses further segment and manage these permissions according to specified preferences.
CM.com clients that are unsure about whether they are managing personal information in the correct way can contact CM.com for further guidance.