14 September 2020 Employment Alert

POPI and the Employment Life Cycle

POPI hails a new dispensation for employers and employees. It introduces obligations on employers and grants rights to employees in an attempt to balance the right of employers to conduct a business with the right to the privacy of its employees. POPI is not limited to the parties to an employment relationship, but there is no doubt that they are subject to its protections. Employers must apply themselves to the application of POPI in all aspects of the employment life cycle. The CDH Employment Team have created the following infographic to assist you in doing so.

POPI and the Employment Life Cycle

1. Engagement (advertising, recruitment and selection)

Examples of PI in the Engagement Process

Curriculum vitae; identity document; educational qualifications and transcripts; interview forms; psychrometric test results; email addresses; cell phone number; criminal and background checks. 

Notes for the engagement process

The personal information (PI) of applicants’ must be obtained directly from them, unless derived from a public platform.

Where an employer makes use of a recruitment agency, the applicant must consent to his/her PI being obtained from the recruitment agency.

The PI of unsuccessful applicant(s) must be destroyed once a decision has been taken not to employ the applicant(s). 

2. Employee onboarding, induction & Training

Examples of PI in the Onboarding process

Contract of employment; residential address; next of kin contact details; medical aid details; biometrics; email address; cell phone number; bank account details; payslips; and SARS tax  records. 

Notes for the onboarding process

  • The nature of the information required pertaining to a next of kin constitutes PI in terms of POPI, as it is information related to an identifiable, living, natural person.
  • Accordingly, an employer must (i) notify the next of kin that their PI is being processed and (ii) only process PI pertaining to a next of kin with their consent. 
  • The onus of proof rests with the employer to prove that consent was received from a next of kin.

3. Day to day employee management and engagement with unions 

Examples of PI in day to day management  

Screening records in the context of COVID-19; Employee personnel file; disciplinary records; leave applications; Doctors notes; Drug & Alcohol test results; performance reviews and the processing of information related to Trade Union membership. 

Notes for day to day management 

Recommended action to be taken by employers:

  • Ongoing analysis of PI to verify the quality, accuracy and completeness of the PI;
  • Conduct risk assessments to determine loopholes in the protection of PI;
  • Revise HR policies and contractual arrangements; and
  • Revise and update contractual arrangements.

4. Termanation of Employment

Examples of PI  the Termination process 

The following  should be retained on termination for the applicable periods as per legislation: Contract of employment  (3 years); Arbitration Awards (3 years); SARS employee records (5 years); OHSA Incident records (3 years); Employee disciplinary records (indefinite) 

Notes for termination of employment 

  • Save for the information that must be retained in terms of applicable legislation, an employer must dispose of information where an employment relationship is terminated.
  • PI retained for further processing in terms of section 15(e) of POPI must be processed solely for that purpose and should not be published in an identifiable form.
download PDF

The information and material published on this website is provided for general purposes only and does not constitute legal advice.

We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter.

We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages.

Please refer to the full terms and conditions on the website.

Copyright © 2022 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com

Related Expertise

You may also be interested in