Certain sections of the Protection of Personal Information Act, 2013 (POPIA or POPI Act) commenced on 1 July 2020. A grace period of 12 months from this date was given to comply with the Act; all entities must therefore be fully compliant with the provisions of the POPI Act by 1 July 2021.
We believe that focussing on three areas, namely POPI Training, Implementation and Monitoring, will make your POPI compliance journey hassle-free and save you time, all while ensuring that your business is POPI compliant.
Whether you need help guiding your staff through the process of understanding the POPI Act and the impact it will have on various processes and people in your business, or need support and guidance on the steps you need to take, or the policies and processes you need to implement to become and remain POPI compliant, we can assist.
Contact us today to find out how we can help you become POPI compliant.
One of the first steps is to appoint and register your Information Officer with the Information Regulator. POPI designates the head of the business as the Information Officer. Depending on the type of business, the Information Officer will therefore be the sole proprietor, a partner in a partnership or CEO (or equivalent) in a company or CC. While the head of the business can delegate his/her responsibilities to any other duly authorised person, the responsibility for ensuring that the processing is done in a lawful manner will remain with the individual that ‘determines the purpose of and means for processing of personal information.’
Section 55(2) of POPIA requires Information Officers to be registered with the Information Regulator before they can take up their duties in terms of POPIA and the Promotion of Access to Information Act (PAIA). Registration is therefore a prerequisite for Information Officers to perform their duties.
If you have answered ‘No’ to any of the questions above, you may need assistance with POPI compliance in your business.
Contact us to find out how we can help you fulfil your responsibilities as Information Officer.
The POPI Act is a comprehensive privacy law that is mandatory for all businesses within the private and public sector that process personal information in South Africa. It seeks to protect and regulate the processing of personal information, falling into the broader Constitutional right to privacy.
The POPI Act requires businesses to regulate how information is organised, stored, secured, and discarded. This ensures that the business can maintain the integrity and confidentiality of its clients’ and employees’ personal information by preventing loss, damage, and unauthorised access to the personal data. The Act therefore guarantees that personal information will be used in a responsible and ethical manner by businesses from the time it is collected until the time it is destroyed.
The commencement of certain sections of the POPI Act, which took effect on 1 July 2020, deals with, among other things:
It is critical that businesses establish and implement appropriate and reasonable technical and organisational security measures, and POPI-related policies and procedures, to maintain the confidentiality and integrity of personal information. However, these policies, procedures and measures will differ from business to business. Therefore, one of the first steps in understanding how the POPI Act impacts your business is to assess and identify the gaps your business may have in complying with the requirements of the Act.
You may also find it useful to create a POPI compliance project timeline and plan your implementation according to it.
Contact us for assistance with a detailed POPI GAP analysis, checklist and templates that will guide your steps, policies and processes to become POPI compliant.
It is important for businesses to protect the personal information their clients and employees have entrusted to them. Non-compliance with the requirements of the POPI Act may lead to an administrative fine imposed by the Regulator, or even imprisonment. Your business also runs the risk of damaging client relationships and its overall reputation, should you act recklessly with personal information. It is therefore recommended to act as soon as possible to become POPI compliant and avoid penalties in the future.
Contact us if you need assistance with POPI compliance for your business.