The Act applies to any person or organization who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently.
Who needs to register for Popi?
The Act applies to any person or organization who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently. It therefore sets the minimum standards for the protection of personal information.
Do I need to be Popi compliant?
It does not matter who your data subjects are
You would, however, need to comply with the GDPR regards South African data subjects. But if you are domiciled outside of South Africa but you process personal information in South Africa, you must comply with POPIA.
What does the POPI Act say?
The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).
Below is How to Become A Popi Complaint In South Africa
The enactment of the General Data Privacy Regulations (GDPR) in the EU last year and the imminent proclamation of the effective date of South Africa’s own data privacy legislation, the Protection of Personal Information Act, 2013 (“POPI”), has been the cause of disquiet for many organisations’ directors and compliance officers.
Stricter data privacy legislation demands that organisations implement strict data processing standards to ensure the privacy and security of personal information. Penalties for non-compliance are hefty, as is evident from the EUR50-million fine imposed on Google in January this year for non-compliance with data privacy legislation.
While ensuring compliance might seem overwhelming, it can in fact be achieved in five easy steps:
Appoint or reassess the role of the information officer.
In terms of the regulations under POPI, the duties imposed on the information officer have been extended and now include certain mandatory duties. The default information officer of a private body is its head, which is generally the CEO, unless it has been delegated.
The first step to compliance would therefore be to appoint an information officer if the organization does not already have one, or to reassess the role of the existing information officer in line with the requirements set out in POPI.
Create awareness
. In order to ensure effective compliance, buy-in from senior management all the way down the chain of command is needed. Make sure employees understand what data privacy legislation entails and what is required of them. This can be achieved through interactive awareness training.
Personal information impact assessment
Once all employees are informed, self-assessments and audits should start throughout the organization, within each business unit. It is important to understand what information is collected, how it is collected, by whom it is collected, what it is used for, how it is stored and processed, how it is retained and destroyed and whether it was collected with the necessary consent.
Once self-audits are completed, there should be a clear understanding of how data is being processed in the organization, and it will be in a position to identify gaps and produce a clear gap analysis and risk assessment report.
Develop a compliance framework, which can include processes and policies. A proper gap analysis will help identify which processes and policies have to be put in place. These may include:
updates to employment contracts
updates to supplier agreements
changes to marketing practices (opt-in and opt-out best practice)
implementation of policies like: personal information sharing policy, security compromises policy, subject access request policy, CCTV camera policy, bring your own device policy, Promotion of Access to Information Act, 2000 (“PAIA“) manual, to mention a few.
Implementation. The compliance framework should be implemented, monitored and maintained. Policies and procedures do nothing to aid compliance if they not properly implemented.
The last step to compliance would be to ensure the proper implementation of new policies and procedures through in depth training, awareness campaigns, annual re-training and compliance audits.
How ENSafrica’s POPI Toolkit can help achieve compliance
ENSafrica, in conjunction with a leading data privacy expert, has designed a POPI Toolkit based on international and local South African legal requirements and global best practice.
The POPI Toolkit is a comprehensive compliance programme, and is a quick and cost effective way for organisations to fast track POPI compliance and effectively manage risk.
The toolkit comprises:
half-day POPI training workshop
simplified POPI guide
POPI audit questionnaire (which can easily be used by business units to effectively conduct self-audits)
a copy of POPI and a copy of PAIA
a dos and don’ts list
data protection policy
personal information sharing policy
security compromises policy
subject access request policy
CCTV camera policy
bring your own device policy
model consent clause
model operator clauses
record retention policy
password policy
website privacy policy
cookie policy
information officer appointment letter
How do I become a Popi compliant in South Africa?
What are the steps to become POPI Compliant?
Step 1: Create Awareness. Ensure your employees are aware of the POPI Act and the regulations set out which they need to adhere to.
Step 2: Data Collection Assessment.
Step 3: Company Policies Review.
Step 4: Gap Audit.
Step 5: Implementation and Training.
How do you become a Popi compliant?
Stay Home.Stay Safe.Stay Informed.Visit https://sacoronavirus.co.za
Formalise your POPI Act compliance project.
Appoint an Information Officer.
Perform a gap analysis versus the POPI Act.
Analyse what and how Personal Information is processed.
Implement POPI Act compliance policies.
Review your web sites.
Who needs to register for Popi?
The Act applies to any person or organization who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently. It therefore sets the minimum standards for the protection of personal information.
Do I need to be Popi compliant?
It does not matter who your data subjects are
You would, however, need to comply with the GDPR regards South African data subjects. But if you are domiciled outside of South Africa but you process personal information in South Africa, you must comply with POPIA.
What is the new Popi Act in South Africa?
Welcome to the Protection of Personal Information Act (often called the POPI Act or POPIA) in the form of a website so everyone can access it quickly on all devices. It is so much better than a POPI Act pdf. You can also link to (or share) a specific section.
What are the consequences of not being Popi Act compliant?
Non-compliance with POPIA can result in imprisonment not exceeding 10 years and/or a fine not exceeding R10 million.
What does the POPI Act say?
The Protection of Personal Information Act (or POPI Act) is South Africa’s equivalent of the EU GDPR. It sets some conditions for responsible parties (called controllers in other jurisdictions) to lawfully process the personal information of data subjects (both natural and juristic persons).
How do I know if my company is Popi compliant?
Have a POPI professional or specialist review & audit your company policies and procedures to check if they are in line with the POPI Act. Plan or schedule frequent assessments and/or audits of the changes within your company to ensure you stay POPI compliant.
Does Popi apply outside South Africa?
In order for POPI to apply to any processing activity, such activity must take place in South Africa and the responsible party processing the information must have a place of business in South Africa. However the person whose information is processed does not have to be a South African.