Legal Advice

For a business, digital content such as logos, marketing materials, blog posts, and videos are valuable assets that help distinguish your business. However, without proper safeguards, your content could be misused or copied by others.

Here is how to protect your digital content and minimise copyright infringement risks:

Under South African copyright law, original works like text, images, videos, and software are automatically protected when created. This means you do not need to register them, but you must be able to prove ownership if a dispute arises.

Practical Tip: Keep original drafts, timestamps, or metadata as evidence that you created the content.

Including a clear copyright notice on your content signals to others that it is protected. For example:

“© [Your Business Name], [Year]. All rights reserved.”

Practical Tip: Add this notice to your website, documents, and digital media, such as social media posts or e-books.

Watermarks are an effective way to secure visual content like photos, graphics, and videos. They make it harder for others to use your content without your permission.

Practical Tip: Use tools like Adobe Photoshop or free online services to add watermarks with your logo or business name to your images.

Regularly check if your content is being used without permission. Tools like Google Alerts or reverse image search can help you identify unauthorised use.

Practical Tip: Set up alerts for your business name or specific phrases unique to your content.

If you allow others to use your content, define the terms through licensing agreements. Specify where and how the content can be used.

Practical Tip: Use a written licence to set clear rules on how others can use your content. Specify where, how, and for how long they can use it.

By taking these simple steps, you can protect your digital assets and ensure your hard work is respected.

As South African SMEs increasingly turn to cloud services for data storage and management, it is crucial to ensure compliance with local data privacy laws, particularly the Protection of Personal Information Act (POPIA). This law governs the collection, processing, and storage of personal data, and non-compliance can result in heavy fines and reputational damage. Here is how you can ensure that your business complies with POPIA when using cloud services.

Not all cloud service providers follow the same data protection standards. Before signing any contract, verify that your cloud provider complies with POPIA and has security measures in place to protect personal data.

Practical Tip: Request a copy of the provider’s data protection policies, and check if they are registered with the Information Regulator or offer contractual clauses that align with POPIA.

It is important to know where your cloud provider stores your data, as it impacts POPIA compliance. If stored outside South Africa, ensure the provider meets POPIA’s cross-border data transfer requirements.

Practical Tip: Request a data processing agreement (DPA) from the provider detailing their compliance with POPIA's cross-border transfer rules.

Personal data stored in the cloud should be encrypted, both in transit and at rest. This ensures that even if unauthorised access occurs, the data is unreadable.

Practical Tip: Confirm with your cloud provider that data is encrypted using industry-standard encryption methods. For extra security, consider encrypting sensitive data before uploading it to the cloud.

Limit access to personal data stored in the cloud. Only authorised personnel should have access to customer information, and access permissions should be regularly reviewed.

Practical Tip: Implement role-based access controls (RBAC) to ensure employees only have access to the data they need for their specific roles.

POPIA requires businesses to only retain personal data for as long as necessary. Review your cloud service provider’s data retention policies and ensure they align with POPIA requirements.

Practical Tip: Set up automatic data deletion protocols to remove personal information once it is no longer needed, or when the retention period expires.

Ensure your cloud service contract includes terms related to data protection, specifying how your data is handled, stored, and processed.

Practical Tip: Ensure the DPA with your cloud provider clearly outlines their obligations under POPIA.

By following these practical steps, you can use cloud services confidently, knowing your customer data is protected and compliant with South African data privacy laws.

In today’s digital age, electronic signatures (e-signatures) have become a widely accepted method for signing contracts and agreements, offering convenience and efficiency. However, there are certain instances where an electronic signature may not be legally recognised in South Africa. Entrepreneurs, business owners, and professionals must understand when an e-signature is not allowed to avoid complications and ensure that their documents hold legal weight.

While electronic signatures are generally accepted in South Africa, there are specific types of documents where an e-signature is not sufficient. These include:

Contracts concerning the sale, donation, or transfer of land or property must be signed in writing by all parties involved. This requirement, derived from the Alienation of Land Act, necessitates a physical, handwritten signature. Electronic signatures are not accepted for these transactions due to the significant financial and legal implications of property ownership.   

Similar to property sales, long-term leases (typically exceeding 20 years) registered with the Deeds Office require physical signatures. The rationale here is to maintain a robust and verifiable record of these substantial agreements.

While the digital space is evolving, traditional wet ink signatures are still strongly advisable for wills in South Africa. Although courts have shown a willingness to, in certain circumstances allow electronically formed wills, this process requires high court approval. Therefore it is much safer to have a traditional signed document.

Some negotiable instruments, such as bills of exchange, may require traditional signatures for certain aspects of their transaction. It is always wise to investigate the requirements surrounding these documents specifically.

Various pieces of legislation may stipulate that certain documents must be signed in writing. Entrepreneurs should verify the specific requirements of any applicable laws before relying on an electronic signature.

Although South African law allows for e-signatures, parties involved in a transaction can choose to reject them. If any party to an agreement does not wish to sign electronically, and such wish is documented in the agreement, the document cannot be validly signed using an e-signature. This is particularly relevant in high-value or complex transactions, where parties might prefer the assurance of traditional methods to prevent the risk of fraud or technical issues.

Another situation in which an electronic signature may not be allowed is when there are disputes regarding the authenticity of the signature. If a party challenges the validity of an e-signature, the burden of proof may lie with the person who signed the document to prove that the signature was indeed theirs. In situations where the authenticity cannot be sufficiently demonstrated, an e-signature might not be recognised.

While e-signatures are incredibly useful, South African entrepreneurs should adopt a cautious approach. Here are key best practices:

By understanding the limitations of electronic signatures and adhering to best practices, South African entrepreneurs can leverage the benefits of digital transactions while mitigating potential legal risks.

As a small business owner involved in online sales, it is crucial to understand your obligations under South Africa’s Consumer Protection Act (CPA). The CPA protects consumers, ensuring that they are treated fairly and transparently, even in the online space. By knowing and implementing the key aspects of the Act, you can avoid legal issues, build trust with your customers, and create a positive shopping experience.

The CPA gives consumers certain rights when purchasing goods or services, even when the transaction occurs online. These rights aim to protect consumers from unfair practices and ensure they receive value for their money.

Key rights include:

Practical Tip: Always provide detailed descriptions of your products, including high-quality images, and be upfront about shipping fees or any additional charges. This transparency helps build consumer trust and ensures you comply with the CPA.

A well-defined return policy is a key part of doing business under the CPA, especially when it comes to online sales. The Act allows for certain conditions under which consumers can return goods, and it is important that your return policy is clear, accessible, and compliant with the law.

Under the CPA, consumers have the right to return goods under the following circumstances:

Practical Tip: Clearly state the timeframe for returns (e.g. “Returns are accepted within 7 days of receipt of goods”) and include any exclusions (e.g. “Non-returnable items include opened or used products”).

Once a consumer decides to return a product, the supplier (you) must ensure the refund process complies with the CPA. If the consumer is entitled to a refund, the supplier must process this within 30 days from the return request.

The consumer is also entitled to the refund in the same manner they paid. For example, if they paid with a credit card, they should receive their refund to that card.

Practical Tip: When a consumer requests a return or refund, promptly communicate the process and timeline. This not only complies with the CPA but also fosters customer satisfaction.

The CPA gives consumers the option to choose between a refund, repair, or replacement if the goods are faulty or defective. If a consumer receives a product that is damaged or not as described, you must offer them one of these options, based on their preference:

Practical Tip: Make sure you have a process in place for handling these requests quickly and professionally. It is also a good idea to inspect returned items to determine the cause of the issue and avoid similar complaints in the future.

Having a return policy is essential, but it’s equally important to ensure that customers are aware of it before making a purchase. Under the CPA, consumers must be made aware of their rights before completing a transaction.

While the CPA offers strong protections, it also outlines certain exceptions to return rights. For example, consumers do not have the right to return items such as:

Practical Tip: Clearly outline any exclusions in your return policy to avoid confusion or disputes.

Complying with the Consumer Protection Act when running an online business is not just a legal requirement – it is also an opportunity to build strong, lasting relationships with your customers. By providing clear information, offering fair return policies, and respecting consumer rights, you can create a positive shopping experience and grow your business. Take the time to review your policies and make necessary changes, ensuring your business is fully aligned with the CPA.

1.  Understand What POPIA Covers

POPIA protects personal information, which includes any data that identifies an individual, such as names, email addresses, ID numbers, and even browsing habits. If your business collects, stores, or processes this data, you must comply with POPIA.

Practical Tip: Start by listing all the types of personal information you collect. This could include data from your website, social media platforms, or email subscriptions.

2.  Get Clear and Informed Consent

POPIA requires you to obtain your customers’ consent before collecting their data. This means they must understand what data you’re collecting, why you need it, and how you’ll use it.

Practical Tip: Add a clear privacy notice to your website. For example:

3.  Securely Store Customer Data

Once you have collected data, it is your responsibility to protect it against breaches or unauthorised access. POPIA mandates implementing appropriate safeguards.

Practical Tip:

4.  Limit Data Collection and Retention

Only collect data you truly need. POPIA also requires that you delete or de-identify personal information when it is no longer necessary.

Practical Tip:

5.  Train Your Team on POPIA Compliance

If your team interacts with customer data, ensure they understand their responsibilities under POPIA. Human error is a common cause of data breaches.

Practical Tip: Provide basic training for employees on topics like phishing scams, password security, and handling customer data.

6.  Respond to Data Subject Requests

Under POPIA, customers have rights regarding their personal data. They can request access to their information, updates, or deletion.

Practical Tip:

Your privacy policy should clearly explain how you collect, use, and store customer data. It must be easy to read and accessible.

Practical Tip:

8.  Use Contracts for Third-Party Service Providers

If you share customer data with service providers (e.g. payment processors, email platforms), POPIA requires you to ensure they comply with data protection standards.

Practical Tip:

9.  Have a Data Breach Response Plan

Despite best efforts, breaches can happen. POPIA requires you to notify affected individuals and the Information Regulator if personal data is compromised.

Practical Tip:

10.  Register Your Information Officer

POPIA requires each business to appoint an Information Officer responsible for ensuring compliance. For most SMMEs, this role automatically falls to the owner.

Practical Tip:

Register your Information Officer on the Information Regulator’s website.

Final Thoughts

Complying with POPIA may seem overwhelming, but by taking these practical steps, you can protect your customers’ data and build trust in your business. Start small – focus on consent, secure storage, and a solid privacy policy. Over time, these practices will become part of your daily operations, ensuring you meet legal requirements and safeguard your business reputation.

Significance of digitalisation in businesses: Digitalisation is important in businesses as it is used as a model to improve operational efficiency and effectiveness. It is also an important tool to deal with the unpredictable and uncertain nature of businesses.

For example, businesses that adopted and embraced digitalisation during the Covid-19 pandemic faced fewer negative impacts as opposed to those that did not adopt a digitalisation model. A company’s success today depends on its agility. Thus, digitalisation helps in creating a competitive advantage.

Digitalisation is also important to reduce human errors, thus reducing operational costs.

How digitalisation in businesses can go wrong:

It is important that businesses develop a strategy that aligns with the business’ strategy, goals, and objectives. Lack of a clear strategy that is aligned with the business means that the strategy is bound to be ineffective and fail to deliver the desired results. Furthermore, digitalisation can go wrong where companies do not set out realistic expectations, resulting in poor implementation.

Digitalisation can be complex and requires a significant investment of time, money, and resources. Therefore, it is important for businesses to carefully plan and execute these projects to minimise the risk of failure. This also requires training employees to ensure that they are well-prepared and can easily adapt to the use of new technologies and associated changes.

Digital transformation can be expensive, especially for small businesses. Digitalisation can, in these instances, be done in phases in accordance with the business’ financial capabilities.

Digitalisation in businesses can raise security and privacy concerns for business, customers, and employees. Companies therefore ought to implement security measures to mitigate these risks.

• For example, in 2021, Kroger announced that it would be investing $1.2 billion in digital transformation initiatives. However, the company has since faced several challenges, including technical difficulties with its new self-checkout machines and a data breach that exposed the personal information of millions of customers.

• In 2019, a company called Equifax in the United States of America (USA) was fined $700 million by the Federal Trade Commission (FTC) for failing to protect the personal data of its customers. The FTC found that Equifax had failed to implement adequate security measures, which allowed hackers to steal the personal data of over 145 million people.

• Furthermore, in 2020, Zoom was fined $85 million by the FTC for failing to protect the privacy of its users. The FTC found that Zoom had collected personal data from its users without their consent, and that it had failed to take adequate steps to protect this data from unauthorised access.

• These challenges have a detrimental effect not only on the company’s financial arm, but also has the potential to cause damage to the company’s reputation and good name.

One way to reduce digitalisation failure is to start on a small scale and then scale up the project if it is successful. It is important for businesses therefore to constantly measure their progress based on their strategy and track their results.

Companies also need to be adaptable and flexible as the digital landscape is constantly changing.

It is also important for companies to consider the legal and ethical implications associated with digitalisation. For example, businesses should be careful not to use digital technologies in a way that discriminates against customers or employees.

Businesses should also be transparent about how they collect and use personal data i.e., in terms of the Protection of Personal Information Act (POPIA). By being ethical and transparent, businesses can build trust with their customers and employees.

Businesses can also adopt best standard practices such as the International Organization for Standardization (ISO)/IEC 27001 standard. This standard provides businesses globally with a framework for protecting their information assets, including personal data.

Another example is the Payment Card Industry Data Security Standard (PCI DSS). The PCIDSS assists businesses to protect against possible fraud and data breaches.

Digital transformation can be a daunting task, but it is essential for businesses that want to stay competitive in today's economy.

It is also essential for businesses to consult with experts to ensure that they adopt appropriate digital technologies and ensure that they comply with laws and regulations. Businesses can also make use of international standards as guidelines.

Digital IP is afforded protection by law, much like traditional IP. Copyright protects original works of authorship, such as literary, dramatic, musical, and artistic works.

Trademarks protect words, phrases, symbols, and designs that are used to identify and distinguish goods and services from those of others.

Trade secrets protect confidential information, such as customer lists, formulas, and manufacturing processes.

For businesses to protect their digital IP, it is important to use strong passwords, encrypt their data, back up files, regularly check for risks of IP infringement, and lastly, take legal action if IP is infringed.

It is vital that companies and their employees are cautious when using social media to avoid legal recourse. Individuals and businesses need to always obtain permission before using external or third parties copyrighted content. This includes photos, videos, articles, and music, although these may already exist in the public domain.

In a reported judgment in 2017, the High Court awarded damages to the photographer after the respondent had posted the photographer's copyrighted photo on his social media account without consent. The respondent’s claim that he had found the photo on the internet and that he believed it was in the public domain was regarded by the court as an insufficient.

Businesses also need to be careful when using external or third parties’ trademarks, logos, and designs.

Businesses should regularly check and monitor their social media accounts for unauthorised use of any of their IP.