POPI Act Compliance – why should I comply with the Act?
Many organisations are wondering about POPI Act compliance: what it is and what they should be doing about it.
We believe that apart from the legal obligation, there are good reasons for complying with the Act. We like to see the reasons as a stick and a carrot!
So where are the “stick” and the “carrot” in POPI Act compliance?
Think about how broad the definition of “personal information” can be: customers, employees, suppliers, in fact anyone we interact with as an organisation has personal information. Get it wrong in terms of POPI Act compliance and potentially stiff penalties could be heading your way, with fines of up to R10 million and potential time behind bars, as well as reputational damage and potential loss of income as a result. That’s the “stick” part of the story.
Get it right in processing personal information in accordance with the POPI Act and you can enhance your reputation with all your stakeholders. The “carrot” aspect also recognises the opportunity to boost confidence in your business by demonstrating leadership and good governance in the way you process personal information. Get really creative and you will discover the POPI Act can help you to create new products and services, address new markets and keep ahead of your competitors while delighting your stakeholders.
What is the POPI Act?
The POPI Act has 8 conditions and a number of other areas. Key points about the 8 conditions are shown below.
- Accountability = assigning ownership in your organisation;
- Processing Limitation = processing information for lawful reasons and in a manner that does not infringe privacy;
- Purpose Specification = only obtaining and holding personal information for a specific purpose;
- Further Processing Limitation = further processing of personal information must be compatible with the purpose for which it was collected;
- Information Quality = ensuring that information is complete and accurate;
- Openness = informing individuals that their information has been obtained and the purpose thereof;
- Security Safeguards = the integrity of personal information must be secured using appropriate, reasonable technical and organisational measures;
- Data Subject Participation = a data subject has the right to request access to their personal information that you hold, and to request that the information be deleted or corrected if appropriate.
So where should you start?
Free IACT-Africa 20 Question POPI Act Compliance Health Check
The easiest and quickest place to start is to try our 20 Question POPI Act Compliance Health Check. Click here to access the health check.
IACT-Africa 37 Question POPI Act Compliance Assessment
Before you commit to any of our products or services, why not take advantage of our offer of a low-cost assessment? In addition to the POPI Act Compliance Health Check, a 2-hour assessment is offered to help you gain an understanding of your readiness for POPI Act compliance. This is a 37-question assessment which is based on the conditions, chapters and sections of the POPI Act. It can be delivered onsite if you are situated in or around Johannesburg/Pretoria, or via Skype/Google Hangouts if you are not in our area. An assessment report is provided after the assessment. Please contact us to take up this offer.
An assessment of your status of POPI Act compliance is a good place to start. Compliance gaps can be identified and plans for more detailed analysis and remedial action can be developed based on the outcome of the free assessment.