JOHANNESBURG – The information regulator on Tuesday issued its first “enforcement notice” to training agency FR Ram Consulting to crack down on direct marketing messages.
The regulator said it issued the enforcement notice following complaints of direct marketing.
The regulator responded to complaints following numerous direct marketing messages received by data subjects (persons to whom personal information relates).
Despite multiple opt-out attempts and requests to be removed from the company's mailing list, FR Ram Consulting blatantly ignored the data subjects' pleas and continued to send marketing messages via email.
The regulator has announced that it has issued an enforcement notice to FR Ram Consulting after finding violations of various provisions of the Protection of Personal Information Act (POPIA).
In the enforcement notice, the regulator inter alia prohibits FR Ram Consulting from immediately sending unsolicited direct marketing messages to any data subject by any means of electronic communication, including telephone, fax, SMS, email and automated telephones. I ordered it to stop. Persons who have not consented, including the complainant.
The regulator requires FR Ram Consulting to ensure that the first communication sent to a data subject seeks the data subject's consent and that such data subject must only be approached once for consent. I ordered what must be done.
FR Ram Consulting was also directed to use the form prescribed by the regulatory authority for this purpose.
The regulator said use of this form remains mandatory.
“They must also ensure that such messages are only sent to data subjects for whom their consent has not been withheld in advance,” the regulator said.
FS Ram Consulting will compile and maintain a database of all data subjects who have previously refrained from receiving, or have not consented to, receiving unsolicited direct marketing messages and will submit the design of such database to any regulatory authority. I was ordered to do so.
FR Ram Consulting was also ordered to provide undertakings to the regulator regarding compliance with these orders.
Regarding the violation of the Protection of Personal Information Act (POPI Act or POPIA), the regulator said it determined that FR Ram Consulting had interfered with the protection of the personal information of data subjects.
This means that FR Ram Consulting has breached the conditions for the lawful processing of personal data.
Additionally, the regulator found that FR Ram Consulting also violated section 69 of POPIA, which regulates direct marketing using unsolicited electronic communications.
“Our tolerance for direct marketing through unsolicited electronic communications will become a thing of the past. Because it violates the rights of subjects,” advocate Pansy Trakula said. , Chairman of the Information Regulatory Authority.
“In response, we have also produced guidance notes that clearly explain the dos and don’ts of processing personal information for direct marketing purposes through unsolicited electronic communications.”
The regulator found that FR Ram Consulting did not comply with POPIA and Article 69 ( It was determined that 1) and (2) had been violated. or the webinars it offers.
The data subject was provided with the option to “opt out”, but the situation did not improve.
The regulator ordered FR Ram Consulting to comply with the instructions contained in the enforcement notice and to present its instructions to the regulator within 90 days of receipt of the notice.
Breaching an enforcement notice is considered a breach of the law and, if convicted, can result in a fine of up to R10 million or imprisonment for up to 10 years, or both a fine and imprisonment.
What to do and what not to do with POPIA
Article 69(1) of POPIA provides that the processing of personal data of a data subject for direct marketing purposes by any form of electronic communication is prohibited unless the data subject consents to the processing.
Article 69(2) clearly provides that a responsible party may approach a data subject only once to seek consent from a data subject who has not previously withheld consent.
POPIA defines consent as a voluntary, specific and informed expression of intent to be given permission to process personal information.
This article was originally published by TheBulrushes. It is republished by TechFinancials under the Creative Commons Attribution-NoDerivatives 4.0 International License.Read original article