
  • February 4, 2021

Is your POPI in place?

HR Studio

The do’s and don’ts of the Protection of Personal Information Act have been bandied about in the media with increased fervour as the July 1, 2021 grace period deadline for compliance nears.

The POPI Act, or POPIA as it has been dubbed, has been designed to regulate the use and processing of personal information – which has become its own currency in today’s world, driving a myriad of bad behaviours among those in pursuit of other people’s private information. We only need to look at the significant increase in identity theft in the country to drive that message home.

So, there is no question as to why this is important. But just how important? Well, with some market experts suggesting that your POPIA compliance will directly impact who will or will not do business with you in the near future – look how key BEEE status has become as a conduit to operate – it is fair to say that as employers, we should sit up and take notice.

As a business owner you need to take accountability for the information you are gathering from employees, suppliers and customers, be open about where it is being used and take every measure you can to ensure its security.

So, besides doing the right thing and avoiding a huge fine or even imprisonment, here is what you must know, do and understand about POPIA.

  1. Appoint an information officer

We live in a world where information and data are critical, so having someone to manage this sensitive commodity makes sense. The role of the Information Officer, amongst other responsibilities, is to ensure that the business complies with the lawful processing of personal information. It is recommended that the role be undertaken by a senior member of your team with a solid understanding of information technology and the company’s operations.

  2. Create awareness

Let your employees, suppliers and customers know that you take the protection of their information seriously and that you have taken reasonable steps to be compliant with the Act. For those employees with access to the personal information of others, ensure they understand their responsibilities and limitations too.

  3. Impact assessment

Now that your business and your people are on board, it’s time to assess what you are dealing with. An impact assessment will detail who your ‘data subjects’ are, from employees to suppliers and customers. Identify the type of data you are keeping and how personal information is currently processed and handled. This assessment will identify whether any revisions to existing processes ought to be made. This stage will also uncover any potential risk that could jeopardise delicate information.

  4. Compliance Framework

Besides being a legal requirement for compliance, this framework ensures everyone in the business is on the same protected page. The framework is designed to ensure accountability and to outline your processing limitation, purpose specification and usage limitation.

  5. Implementation

Make it happen!

Please do not hesitate to contact us if you need any support with your compliance.