https://www.polity.org.za
Deepening Democracy through Access to Information
Home / Legal Briefs / Bowmans RSS ← Back
Africa|SECURITY|Training|Operations
Africa|SECURITY|Training|Operations
africa|security|training|operations
Close

Email this article

separate emails by commas, maximum limit of 4 addresses

Sponsored by

Close

Article Enquiry

One month left to ensure POPIA compliance – are you POPIA ready?

Close

Embed Video

One month left to ensure POPIA compliance – are you POPIA ready?

One month left to ensure POPIA compliance – are you POPIA ready?

1st June 2021

ARTICLE ENQUIRY      SAVE THIS ARTICLE      EMAIL THIS ARTICLE

Font size: -+

Today (1 June) marks 30 days until 1 July 2021 by which time all organisations need to ensure compliance with the provisions of the Protection of Personal Information Act (POPIA). Whilst many entities were hoping for an extension of the 12-month grace period afforded to organisations to comply with POPIA, the Information Regulator has recently indicated that no extension will be granted. 

So now what? With the deadline for compliance looming, here are a few steps you can take to get you closer to being ‘POPIA ready’. 

Advertisement

Personal information: What and why?

Under POPIA, organisations will be required to process personal information (information identifying natural and juristic persons) lawfully and on the basis of one of the justifiable grounds contained in POPIA. In order to do so, organisations should establish what personal information it collects in relation to, for example, its customers, suppliers, and employees, and determine whether the collection of such personal information is for a lawful purpose relating to its functions or activities.

Advertisement

Appoint and register your Information Officer

Every organisation that processes personal information in South Africa, regardless of its size or form, will be required to appoint and register its information officer with the Information Regulator. An organisation can register its information officer on the online portal established by the Information Regulator which can be accessed via the Information Regulator’s website or by completing the prescribed registration form and manually submitting it to the Information Regulator (either by delivering the form to its physical address, or by emailing it to: registration.IR@justice.gov.za).

Demonstrate how you intend to comply

Information officers are required to develop and implement a compliance framework and to conduct impact assessments to ensure that their organisations’ internal processes comply with POPIA. Each organisation is accordingly encouraged to look at its existing structures and to establish a framework to demonstrate compliance based on its specific operational requirements. 

Update your manual

Under the Promotion of Access to Information Act, the majority of organisations were required to establish a manual which served as a roadmap on how to request information and records held by the organisation. POPIA now requires organisations to update their manuals for purposes of facilitating requests for personal information. 

Be transparent

In the interests of transparency, each organisation is required to take steps to provide data subjects with details relating to how the organisation intends to process the data subject’s personal information before it may collect any personal information. Organisations should thus commence putting in place appropriate processing notifications.

Assess your security

Under POPIA, organisations are required to put in place technical and organisational measures to mitigate against security breaches. The security measures should comply with generally accepted information security practices, such as back-ups, virus programs and encryption. The appropriateness of the security measures will ultimately depend on the organisation’s operations and processing activities.

Train, train and train again

As the majority of security breaches are as a result of human error, it is vital to make the organisation aware of the requirements of POPIA and to conduct ongoing training and skills development in a manner that is relevant to personnel who handle and process personal information.

Do not panic

Although POPIA compliance may seem daunting, do not panic. Obtain support from key stakeholders and staff and start by tackling the requirements one step at a time.

Written by Nadine Mather, Senior Associate, Bowmans

 

EMAIL THIS ARTICLE      SAVE THIS ARTICLE ARTICLE ENQUIRY

To subscribe email subscriptions@creamermedia.co.za or click here
To advertise email advertising@creamermedia.co.za or click here

Comment Guidelines

About

Polity.org.za is a product of Creamer Media.
www.creamermedia.co.za

Other Creamer Media Products include:
Engineering News
Mining Weekly
Research Channel Africa

Read more

Subscriptions

We offer a variety of subscriptions to our Magazine, Website, PDF Reports and our photo library.

Subscriptions are available via the Creamer Media Store.

View store

Advertise

Advertising on Polity.org.za is an effective way to build and consolidate a company's profile among clients and prospective clients. Email advertising@creamermedia.co.za

View options
Free daily email newsletter Register Now