Tag: compliance

Are you a victim of fake POPI news?

Since the Information Regulator South Africa – IRSA – came into office in December 2016, the pace has been picking up in the market for Protection of Personal Information Act (POPIA) products and services.

This has had a spill-over effect on the Promotion of Access to Information Act (PAIA), which also forms part of the responsibilities of the IRSA.

Unfortunately not only has the pace picked up but there has been some confusion sown through what might best be described as questionable marketing practices and erroneous reporting. One contact of mine recently received an email which included the following statement “The Promulgation of POPI, (The Protection Of Personal Information Act) in the Gazette on 26 November 2013 now means you are required to update your PAIA Manual to incorporate the POPI.”

This is misleading, since the Government Gazette did not include the commencement of the POPI Act or even the commencement of the transition period. The same marketing email continued with the statement “ALL information users now must have strict chain-of-custody processes in place.” This is far from the case, as the POPI Act makes no reference to a “strict chain-of-custody”. In similar vein the email stated “Businesses or persons who use/hold/verify or even request your Personal Information MUST now conform to the Act.” Not true.

This will only be so under certain conditions once the POPIA transition period has ended and right now it has not even started.

The same email then offers to help with the appointment of a “Compliance Officer”. No such individual is mentioned or required in terms of either POPIA or PAIA. What is required is an Information Officer, possibly supported by one or more deputies depending on the needs of each organisation. In September the IRSA issued a set of draft regulations which included specific reference to the role and duties of the Information Officer, more about which is available at the IRSA web site.

Perhaps of greatest concern is the statement that “at (name withheld) we made it very easy for you to get compliant in a simple and completely tax deductible manner. It takes you about 10 minutes to complete this process on our website.” Given the duties outlined in the IRSA draft regulations this statement should at least be seen as misleading.

This and other marketing emails that I have seen also push organisations to create or update a manual to comply with PAIA. In truth there are numerous exemptions to that requirement. To check whether you need to publish a PAIA manual please refer to the notice that appeared in the Government Gazette on 11 December 2015, signed by the then Minister of Justice and Correctional Services. For a free copy of the notice visit www.gpwonline.co.za and search for edition 39504.

Not only commercial organisations are guilty of mis-stating the facts. The Star newspaper ran an article in the Saturday Star Personal Finance column during September 2017 which contained the statement “The 12-month grace period to comply with the PoPI Act has expired, and the legislation is being applied in the public and private sectors.” That is factually incorrect and I wrote to the author of the article twice in an attempt to have this incorrect statement corrected.

One of my letters (in part) appeared in the Personal Finance column on Saturday 30 September 2017 under the heading “Incorrect correction about PoPI Act”. The explanation of the true state of affairs was published along with an apology to me personally from the editor.

I repeat those contents below for completeness:
“On September 23 2017 on page 21 in the Personal Finance section an item appeared titled “Correction to article on PoPI Act”. Unfortunately the correction itself is incorrect. To state that the “12 month grace period for market compliance is now in force” is factually incorrect. The only sections of the PoPI Act that have commenced refer to the definitions of the Act and those provisions allowing the establishment of the Information Regulator South Africa (IRSA). These appeared in the Government Gazette in April 2014.”

In summary, be sure you are dealing with reputable sources when seeking advice on how and when to comply with new legislation in general and POPIA and PAIA in particular.

By Dr Peter Tobin

The South African Revenue Service (SARS) has done over 100 inspections of “cash and carry” businesses in Gauteng in the past month, it said in a recent statement.

About half of the businesses inspected did not comply with SARS’ rules regarding registration, filing or payment.

“SARS is closing in on those who under declare on their tax liability, both individuals and companies. We encourage all taxpayers to ensure their affairs are in order and they are contributing their fair share towards the cost of running the country,” says commissioner Tom Moyane.

The inspections of cash and carry businesses had seen several audit cases concluded, raising tax assessments for the past financial year by more than R600-million.

“There is a significant risk of under declaration due to poor record keeping and high volumes of cash transactions in this sector,” SARS says.

Registrations were now being conducted, with follow-ups on outstanding returns, collection of outstanding debt and further risk profiling for full audits where there was evidence of under declaration and collection of outstanding debt.

Negotiating payroll compliance

Compliance in any facet of business management is critical, but specifically when it comes to finances – hence the focus on accuracy and efficiency in payroll administration.

While payroll administration has always been demanding and has to be run by skilled practitioners with meticulous attention to detail and a heightened sense of responsibility, HCM and HR experts agree it has become complicated.

Businesses are compelled to be registered with various industry bodies, for example Department of Labour (UIF, Employment Equity, etc.), Commissioner of Occupational Injuries and Diseases (COID, FEM, RMA), SARS (PAYE, SDL, UIF), Bargaining Council and so on.

This level of industry compliance means that there are a number of common pitfalls that typify payroll administration.

Some of these pitfalls include incorrect calculation of statutory deductions, failure to submit statutory submissions for example Department of Labour (UIF19, EEA2, EEA4 etc.), Commissioner of Occupational Injuries and Diseases (COID, FEM, RMA), SARS (EMP501, EMP201) and so on.

“The financial penalties for being non-compliant are very harsh,” says Ian McAlister, GM of CRS Technologies.

“And there are minimum requirements to be factored in, stipulated by the various Acts. There are several levels to compliance and this can be tricky for many businesses to handle – especially small-to-medium businesses that may not have the available capital to invest more in their payroll/HR capacity.”

According to HR and HCM solutions and services provider CRS Technologies an automated payroll for a small business generally starts at about R15 per employee, per month if run in-house.

“Outsourced payroll in the region of R100 per payslip per month. A competent payroll administrator would earn about R30k per month,” says McAlister.

Going forward, the likelihood is that as payroll administration calls for more specific skills sets, legislation will be passed that will make it an offence to not run payroll on a recognised payroll system.

The company believes that it is next to impossible to run a compliant payroll on a spreadsheet.

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top