Page 37 - Q&A Book.indd
P. 37
These considerations are based on the underlying intention of POPI that
personal information should remain protected and secure even after it
has been transferred to another country where POPI does not apply.
In addition to the above, POPI also requires that personal information
can only be transferred to another country if one of the following primary
circumstances is present:
• The country to which the information will be sent affords an
adequate and similar level of protection to the personal
information as that afforded by POPI, as well as other countries
to which the personal information may be subsequently Commercial
transferred.
• The recipient of the personal information in the foreign country
agrees to treat the personal information in accordance with the
provisions of POPI.
• The person whose personal information is being transferred
abroad consents to the transfer.
• The transfer is necessary for the performance of a contract
between the person whose personal information is being
transferred and the responsible party.
• The transfer is necessary for the conclusion of a contract
between the responsible party and the third party in the other
country.
Your travel agency, as a responsible party that processes the personal
information of its clients, will be bound to comply with POPI. The most
effective way to ensure that a cross border transfer of personal information
is POPI compliant, will be to obtain the consent of the relevant persons
whose personal information is being transferred abroad.
This will require that you have POPI compliant consent forms and
agreements which should be signed by your clients. It may not always
be possible to obtain this consent beforehand, and it will therefore be
advisable to seek the help of an attorney to help advise you on how
to utilise your consent forms or other methods to ensure your POPI
compliance, should obtaining consent upfront not be possible.
32
