POPI Act Compliance Assessment
Many organisations are wondering about POPI Act compliance: what it is and what they should be doing about it.
Apart from the legal obligation, there are good business reasons for complying with the Act, such as advancing your reputation with stakeholders and identifying opportunities for product and service innovation that the POPI Act presents.
So where should you and your organisation start?
We recommend you take our 20 Question POPI Act Compliance Health Check – NO CHARGE, NO COMMITMENT
An assessment of your status of POPI Act compliance is a good place to start. Compliance gaps can be identified and plans for more detailed analysis and remedial action can be developed based on the outcome of the free assessment.
- The Health Check takes under an hour to complete
- You can easily identify key actions required to improve compliance
- You get a copy of the completed Health Check report
This initial assessment is likely to prompt you to investigate your POPI Act readiness in more depth, particularly the completion of a full risk assessment as required by POPI Act condition 7: security safeguards. For this we have a wide range of specialist assessments, including physical and cyber security, information asset management, review of contract and policy risk, and staff training needs.
We like to see the reasons for POPI Act compliance as a stick and a carrot!
So where are the “stick and carrot” for POPI Act compliance?
Think about how broad the definition of “personal information” can be: customers, employees, suppliers, in fact anyone we interact with as an organisation has personal information. Get it wrong in terms of compliance with the POPI Act and potentially stiff penalties could be heading your way, with fines of up to R10 million and potential time behind bars, as well as reputational damage and potential loss of income as a result. That’s the “stick” part of the story.
Get it right in processing personal information in accordance with the POPI Act and you can enhance your reputation with all your stakeholders. The “carrot” aspect also recognises the opportunity to boost confidence in your business by demonstrating leadership and good governance in the way you process personal information. Get really creative and you will discover the POPI Act can help you to create new products and services, address new markets and keep ahead of your competitors while delighting your stakeholders.
What is the POPI Act?
The Protection of Personal Information Act provides the legislation to help ensure the right to privacy for individuals and organisations. It covers the processing of personal information from a number of aspects. The POPI Act has 8 conditions and a number of other areas; key points about the 8 conditions are shown below.
- Accountability = assigning ownership in your organisation;
- Processing Limitation = processing information for lawful reasons and in a manner that does not infringe privacy;
- Purpose Specification = only obtaining and holding personal information for a specific purpose;
- Further Processing Limitation = further processing of personal information must be compatible with the purpose for which it was collected;
- Information Quality = ensuring that information is complete and accurate;
- Openness = informing individuals that their information has been obtained and the purpose thereof;
- Security safeguards = the integrity of personal information must be secured using appropriate, reasonable, technical and organisational measures;
- Data Subject Participation = a data subject has the right to request access to their personal information that you hold, and to request that the information be deleted or corrected if appropriate.