advertisement
Facebook Instagram Linkedin Youtube Spotify
Search
Close this search box.
Facebook
X
LinkedIn
WhatsApp
Reddit

With a month to go, have you implemented these PoPIA preparation steps?

Today marks the one month mark until crucial elements of the Protection of Personal Information Act (PoPIA) come to the fore. Organisations that handle data have had a full year to properly prepare for PoPIA to come into play on 1st July 2021, but as has been the case in the years preceding, many businesses have been lax in their efforts.

With 30 days left to go, Nadine Mather, senior associate at Bowmans, has unpacked some of the important steps that businesses need to have taken or must now take in order to properly prepare for PoPIA.

“Whilst many entities were hoping for an extension of the 12-month grace period afforded to organisations to comply with POPIA, the Information Regulator has recently indicated that no extension will be granted,” the senior associate warns.

“Under POPIA, organisations will be required to process personal information (information identifying natural and juristic persons) lawfully and on the basis of one of the justifiable grounds contained in POPIA. In order to do so, organisations should establish what personal information it collects in relation to, for example, its customers, suppliers, and employees, and determine whether the collection of such personal information is for a lawful purpose relating to its functions or activities,” she adds.

For those organisations that have left it late, this is what Mather advises.

What you need to do

The first step is to appoint and register an information officer. Every organisation that processes personal information in South Africa, regardless of its size or form, will be required to appoint and register its information officer with the Information Regulator.

Registering an information officer can be done on the online portal established by the Information Regulator here. You can also complete the registration forms and send them in person to the Regulator’s or via email to registration[dot]IR[at]justice[dot]gov[dot]za.

Following the crucial step of registering an information officer, organisations will need to demonstrate how they intend to comply. Information officers are required to develop and implement a compliance framework and to conduct impact assessments to ensure that their organisations’ internal processes are POPIA compliant.

“Each organisation is accordingly encouraged to look at its existing structures and to establish a framework to demonstrate compliance based on its specific operational requirements,” adds Mather.

The information officer’s duties do not stop there, however, as each organisation has also been encouraged to create a manual as how they plan to request records and data under the Promotion of Access to Information Act. As such, an up to date manual is essential, according to Mather.

The next step is less logistical, but no less important, as organisations will need to showcase a high level of transparency.

“In the interests of transparency, each organisation is required to take steps to provide data subjects with details relating to how the organisation intends to process the data subject’s personal information before it may collect any personal information,” highlights Mather.

Once transparency is addressed, the same thing needs to happen with security. We have seen a rise in cyberattacks since the pandemic began last year and this shows no signs of lessening any time soon. As such, organisations who are not PoPIA compliant are definite targets as it likely means that they have not looked at their security in some time.

The last thing you want is to suffer a data breach on information that was not PoPIA compliant.

The final step is linked to security, as well as being an ongoing one, according to Mather – train, train and train some more. This as the majority of security breaches are as a result of human error. “It is vital to make the organisation aware of the requirements of POPIA and to conduct ongoing training and skills development in a manner that is relevant to personnel who handle and process personal information,” she stresses.

With 30 days left to go, those organisations that have not addressed PoPIA are likely scrambling now, but Mather’s final word of advise is to remain calm and take a measured approach.

“Although POPIA compliance may seem daunting, do not panic. Obtain support from key stakeholders and staff and start by tackling the requirements one step at a time,” she concludes.

While being methodical is important, what cannot be overstated, is the importance that PoPIA compliance is a non-negotiable for organisations operating in South Africa.

[Image – Photo by Glenn Carstens-Peters on Unsplash]

advertisement

About Author

More
Robin-Leigh Chetty

Robin-Leigh Chetty

Editor of Hypertext. Covers smartphones, IoT, 5G, cloud computing and a few things in between. Also a keen photographer and dabbles in console games when not taking the hatchet to stories.
advertisement

Related News

Meta starts licensing headset OS to Lenovo, ASUS, and more

SPEEDRUN – FlySafair weirdly quiet about accident during takeoff

Passengers stuck for hours as Gautrain loses power

FlySafair puts statement about aircraft incident behind pay-wall

US TikTok ban moves one step closer

Acer Chromebook Plus 514 is coming to SA next month

advertisement
Facebook Instagram Linkedin Youtube Spotify
Hypertext is one of South Africa’s leading technology news and reviews sites. We publish original content daily for consumers and businesses.
All original words & media by Hypertext by htxt.media are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at Hypertext. Where images and material are supplied by rights holders outside of htxt.media, original publishing licences are indicated and unaffected.
Click here to suggest a story.
Click here for advertising.
© 2024. All rights reserved by HTXT.