South Africa’s ‘Protection of Personal Information Act’ brings specific focus to the way in which companies must collect, use, share, transfer, store or delete personal information. The Act is sometimes referred to as ‘POPI’. Personal information includes, among others, the name, contact details, identity number, banking details, biometric information (e.g. thumbprint), racial or ethnic information, political persuasion or criminal behaviour of an individual.
To become and remain compliant, you will need to adopt a risk-based approach to how you:
- Address the way you collect, use, store and share personal information
- Train your staff in terms of how they can use this information
- Prepare and implement data protection, and other relevant policies
- Put in place systems to manage individuals’ access to their data as well as security breaches
Employing a service that empowers your organisation to self-implement your information protection program is the most cost-effective option.
One such service is POPI365, a cloud-based solution that provides you with the tools necessary to remove the complexities of compliance. Advantages of this cloud-based application include:
- Compliance-related material is stored safely in one, easy-to-access place.
- A single interpretation of requirements, rather than interpretations fragmented across a manual implementation.
- Pre-formatted governance documents, as well as Operator contracts and data sharing agreements, are ready to be filled in.
- Compliance tasks include risk-ranked checklists.
- Staged procedures for access to and breaches of personal information.
- Communication and acknowledgement of training and awareness material are easily accessible online.
- No filing, maintenance or space issues.
- Fixed annual cost.
- Real-time audits and assessments of your program
There are 8 Conditions which drive the core of POPI’s requirements. These are Accountability; Processing Limitation; Purpose Specification; Further Processing Limitation; Information Quality; Openness; Security Safeguards; and Data Subject Participation. These conditions expand to include the need for every organisation/entity to have the necessary systems and processes in place for:
- Employee Awareness and Training
- Operator Management
- Information Sharing
- Data Subject Access
- Security Breach Management
- Direct Electronic Marketing, and
- Transfers of personal information beyond SA’s borders
How can we help?
With this ‘devolution’ of accountability and responsibility, there are, potentially, going to be as many interpretations of POPI’s requirements as there are entities within the group. Similarly, the responses to data subject access requests and breaches might also be varied and inconsistent. The intra-group processing and sharing of personal data could prove nightmarish if not smartly managed.
The process of becoming compliant needn’t be a daunting task. At POPI365 we have created a service that simplifies and manages the process of POPI compliance, enabling you to easily get your compliance documentation in place, train your employees on an ongoing basis and start managing your direct marketing, HR and IT services. POPI365 manages and stores all contract documents with your Operators as well as data sharing agreements. POPI365 provides a full workflow to manage data subject access requests which also includes the requirements found in the Promotion of Access to Information Act, or PAIA. POPI365 also provides a full workflow to manage any breaches in the security of your personal information.
‘POPI365 – Always Compliant’