POPIA Assistance-GRIESSEL CONSULTING (PTY) LTD
Protection of Personal Information Act
Similar to the GDPR in Europe, South Africa's own data protection statute effectively came into operation on 1 July 2020. All organisations and individuals processing personal information in South Africa have to be in full compliance with the Act by 30 June 2021. We can help you to achieve this.
The legislation demands that organisations implement strict data processing standards to ensure the privacy and security of personal information. Penalties for non-compliance are hefty, and organisations can also be sued for damages by data subjects whose personal information has been compromised.
The purpose of the POPI Act is to ensure that institutions and individuals conduct themselves in a responsible manner when collecting, processing, storing and sharing another person's or entity's personal information by holding them accountable should they abuse or compromise personal information in any way. It is designed to prevent the negligent disclosure of personal information.
This means that an organisation or 'responsible party' must determine the purpose and means for the collection and processing of personal information in their possession - it must be done for a specific, explicitly defined and lawful purpose related to the function or activity of the responsible party. It can also generally only capture, use and store personal information with express and informed consent by the data subject (unless otherwise permitted in terms of the Act).
In order to achieve these objectives, an Information Regulator has been established that is empowered to monitor and enforce compliance with the Act.
Organisations also have to appoint an Information Officer (by default this is the Head of the organisation), who has to be registered with the Information Regulator, and who is responsible for compliance with the Act.
Whilst information security cannot be purchased or outsourced, certain functions relating to the processing of information can be - such as the provision of IT and communications services, retention of backup media, or the storage and destruction of dead files.
The way forward is in developing a strategic plan which successfully defines the information system relevant to your business, combining staff training, technology capacity and information governance towards ensuring POPIA compliance.
We have developed toolkits and processes to assist clients in this regard, following a 3-pronged approach:
📌 Legal / risk management / governance;
📌 HR / administration / training; and
📌 IT / cybersecurity solutions
We'll take you through the process step by step (and as your budget allows): we provide training, assist with your information analysis process, draft policies and contract clauses and guide you through the whole implementation process. Our IT partner will provide advice and tools in respect of the technological safeguards you will need.
If you want to know more about what the POPI Act is about and what you need to do to comply, please read our BLOG Post by clicking on the button below.
Also look out for us on our special YouTube channel for weekly updates and interesting cyber-bytes.