Data Protection, Privacy and POPIA

Data Protection, Privacy and POPIA

Data is the fuel of our business. It is in our mutual interest that we ensure a secure and safe environment for data shared by our participants, as well as for intellectual property shared by our clients. With the compliance deadline for South Africa’s Protection of Personal Information Act (POPIA) set for 1 July, I hope this article reassures you of our approach to data protection and privacy at InSites Consulting South Africa.

We take security seriously, and we are aware that safe data processing is crucial for your business. We follow industry standards (ISO27001) and international regulations (GDPR, CCPA, CSL, POPIA), and we have a dedicated data security team assessing and improving our standards continually.

Data is our fuel, and as such we strive to act as an example of how to handle it with care.

Aligning POPIA with GDPR

Since 28 May 2018, InSites Consulting has been compliant with the General Data Protection Regulations (GDPR). Having compared POPIA to GDPR, we are confident that POPIA does not add new requirements to our Information Security Management System or our Customer Relationship Management (CRM) and marketing processes.

To clarify our key obligations:

  • We follow all the relevant data protection legislations to all individuals, irrespective of location;
  • We have a Data Protection Officer based in Belgium who is officially registered with supervisory authorities in the EU;
  • We separate direct and indirect Personally Identifiable Information (PII) when processing data for research;
  • We have a Data Processing Agreement in place, and we follow all controller and processor regulations;
  • We always notify data subjects of any risk of breach within 72 hours (to date we have never had to report a breach to a supervisory authority);
  • We ensure that data subjects worldwide benefit from all rights mentioned in the GDPR, which supersedes the demands of the POPIA.


Responsible marketing

We currently store and process data in Microsoft Dynamics 365 CRM, and follow guidance from the GDPR and POPIA in this. We will only use your data to carry out our services, unless:

  1. There is a legitimate interest in contacting you, such as an issue of business (dis)continuity;
  2. You have given prior consent to receive marketing communications.

If you have given consent for us to store and process your data for marketing, you will receive our monthly newsletter, which features our latest inspirational content. You can revoke your consent from such communications at any time.

If you have any questions relating to this article, please get in touch.

Get on top of it.

Looking for the latest marketing (research) news and trends to shape the future of your brand?

You might also be interested in

Man with shopping bags and coffee

Five principles for excellent customer experience

Written by Tom De Ruyck

Customer experience (CX) is the next battleground for brands to differentiate themselves. Discover five key principles to excel in CX here.

Data quality

Let’s meet our Network Quality team

Written by Sasha Basson / Alicia Nortje-da Conceicao

Participant and data quality is one of the key drivers of InSites Consulting’s success as a research insights business. Learn more here!

Program Community

Better & faster insights for long-term business success via the Program community

Written by Angie Deceuninck

Different brands come with different research needs, requiring the set-up of a different type of online insight community. In this blogpost, we explore how the Program community combines qualitative and (directional) quantitative research to fuel decision making regarding a specific marketing domain or business objective.