Protection of Personal Information Act
How we can help you become and stay compliant.
Supporting the Information Officer
This product comprises a virtual service made available to businesses on a permanent basis through payment of a monthly fee. Generally, this service comprises an oversight and control framework which considerably eases the duty upon the CEO or the relevant delegated officer towards fulfilling his or her Information Officer duties.
POPIA Compliance Journey
Completion of a standardized assessment to understand your POPIA risks and provisional data profile. The assessment produces a report that shows the areas requiring further intervention.
Based on the POPIA assessment results, we engage with you on understanding the risk areas elevated in the assessment report, identifying the scope of intervention required and proposing the roadmap to compliance that highlight the priorities of implementation.
POPIA Policies and practices
We assist you with formulating and implementation of POPIA polices and best practices.
Want to know more?
Download our POPIA brochure
Compliance with the Protection of Personal Information Act (POPIA)
WHY IS POPIA NECESSARY?
Although we value our privacy, through the things we do virtually, personal information is freely shared in the digital reality we now live in. The importance of protecting our personal information deserves recognition, though, given the increase of cyber crimes and the harm our digital personalities face in the everyday expanding digital economy. Users of personal information, being they businesses or institutions, are called to a higher standard with the introduction of POIPA, specifically in the way that personal information is being collected, used, stored and protected.
WHAT IS PERSONAL INFORMATION?
Personal information is any information that can identify any person, organization, business or institution to other people.
The information an organization collects, uses or stores is not limited to only natural living persons but includes information about juristic persons like companies and institutions.
Personal information for businesses is therefore not limited to only personal information of its employees and customers, but also its business to business dealings.
Personal information is widely defined in POPIA, but includes, name, age, gender, marital status, information about finances, jobs, education, phone numbers, physical and email addresses. The act makes provisional for even stricter rules around special personal information, like religious beliefs, race and social and political memberships and health data.
WHAT HAPPENS IF I DO NOT COMPLY?
Non-compliance holds severe consequences for all parties involved in the business, whether the business itself, its employees or its customers.
- Loss of trust in the business
- Reputational damage
- Loss of revenue
- Financial penalties
- Criminal sanctions
- Misuse of own data
- Possible insolvency
It is important to ask these questions:
- Where do I begin this journey of compliance?
- What are the important aspects to address following from my risk assessment?
- Do I understand the impact of POPIA on my business?
- What data do I collect and process?
- Who are my data subjects?
- How do I use my data, and do I share data?
- Where and how is my data stored?
- How secure is my data?
- Are my suppliers’ data secured?
- Who will use my data?
- Is POPIA the only information compliance regulation required for my business?
Through the project towards compliance, we pursue the following practical outcomes:
- Your business will have a designated and registered Information Officer trained and guided to steer the process of maintaining compliance.
- Your business will have obtained consent for processing personal data.
- Your agreements with third parties where relevant will have been implemented or refined to provide for compliance.
- You will have polices implemented for information privacy, information security procedures, incident responses, information manuals and data breach reporting procedures