GET HELP

Basic Compliance Package

Our POPIA Assistance is suitable for all enterprises and is designed for anyone wanting to manage their own POPI implementation but who requires some guidance on what to do and how to go about it.

Our team delivers this POPI service through guidance and limited implementation assistance.

Should you require additional assistance to amend or review contracts with third parties; amend or review internal policies; draft disclaimers or consent forms; or arrange training for your Information Officer, our legal experts are able to provide a bespoke quotation at an excellent rate.

To take advantage of this special offer, kindly complete the form on this page or contact Heike Endres at 087 255 5503 or popi@barnardinc.co.za.

ABOUT POPI

What is the POPI Act?

The aim of the POPI Act is to control the way in which personal information is handled and to regulate how that personal information should be processed, to ensure it is done in a responsible way.

This would include the methods of collection, usage, storage, dissemination, alteration and destruction of any personal data and information. The POPI Act headlines this process by asking you to identify a “processor of information” in your organisation and then to hold them accountable should any information be abused or compromised in any way.

For the most part, the requirements of POPI compliance are self-explanatory and easily implemented. The impending POPI compliance deadlines provide your organisation with an ideal opportunity to review the sort of information and data that you collect to manage all your client interactions, and store and use data for marketing purposes, among other tasks.

YOUR POPI JOURNEY | THE STEPS

Understand the POPI Requirements

The principles of POPI can be divided into eight practical guidelines that help us understand how we must legally process personal information. Every company that processes personal information will need to comply with all eight of the requirements. In turn, each section has its own unique set of requirements.

1. Accountability

Your company will need to determine who will be responsible for ensuring compliance with the POPI Act. This person will normally be the director of the company or an Information Officer that is appointed by the company, depending on the size of the business. The natural person responsible for compliance with the POPI Act is known as the Information Officer. Your company can appoint the Information Officer by way of a Director’s Resolution.

2. Processing Limitation

Any personal information that you collect must be processed lawfully and in a reasonable manner that does not infringe on the privacy of a data subject, such as your client or marketing database. The personal information may only be collected and processed if it is adequate, relevant, and not excessive. And most importantly, personal information can further only be collected if the data subject has consented to it! You can only collect data directly from the data subject.

3. Purpose Specification

A company should only collect the information that is necessary for it to fulfil a specific purpose, and that information must only be used for lawful purposes. The Information Officer will need to ensure all information is relevant and up to date and should only keep personal information for as long as it is necessary. The company should have limited access to personal information, and only for as long as it needs to fulfil the purpose for which that data was collected.

4. Further Processing Limitation

The further processing or use of personal information is expressly prohibited by the POPI Act unless that processing is compatible with the initial purpose of collecting information – or if the further processing of the information is done with the data subject’s consent.

5. Information Quality

The company that processed the information has a duty to ensure the information is kept up to date, complete and correct. This duty can be transferred to the data subject (owner, client or employee) providing the personal information. The Terms & Conditions or agreements entered into must expressly communicate that it is the data subject’s duty to ensure their personal information remains updated and that they should communicate any changes to the relevant party within the company.

6. Openness

The data subject can request that the company provide them with the record, or a description, of their personal information held by the company. The company must then provide this information to the owner of the information within a reasonable time, in a reasonable manner and in a format that is generally understandable. It would be best for the company to prepare itself for requests for information by data subjects by having a procedure in place to deal with this type of request. This can be as simple as having the data subject complete and sign a form requesting certain information.

7. Security Safeguards

The POPI Act states that processors of information are responsible for protecting all the personal information they have in their possession. As such, your Information Officer will need to be able to provide proof that they have taken all reasonable steps to ensure that all personal information held is safeguarded. The company should also identify all reasonable and foreseeable internal and external risks to data abuse, theft or loss, and establish and maintain appropriate safeguards.

8. Data Subject Participation

Data subjects have the right to establish whether personal information is held by a responsible party and to have it corrected or destroyed if it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or has been obtained unlawfully.
