The Protection of Personal Information Act 2013 is finally effective in South Africa from 1 July 2021.
What does this mean to me?
Every and any Entity that processes any Personal Information has to be aware of the implications of this.
You need to have a plan in place to ensure the safety of all the Personal Information that you process and mesures to ensure that you are allowed to process the Personal Information.
Failure to do so can lead to fines and/or prison.
What can I do?
The onlinePoPI tool is here to help you manage your whole PoPI journey.
onlinePoPI will guide you through what you need to do to become PoPI Compliant.
onlinePoPI will also generate the documentation, declarations, policies, forms and registers you will need.
onlinePoPI will keep you up to date as the Law and/or Regulations change, and as you progress with your own PoPI journey.
What is onlinePoPI?
onlinePoPI is a leading cloud based online compliance tool, brought to you by the team from onlineMOI.
The onlinePoPI tool, will take you through 25 Sections of the PoPI Act asking you simplified relevent questions to your entity to determine your compliance status, building customised documentation for your entity, and giving you a plan of things to work on to become PoPI Complipant where necessary
What are the Main Pillars of PoPI?
An Information Officer needs to be assigned and registered with the regulator
A Framework needs to be developed around how you process Personal Information
Your Data Subjects need to give you consent to process their Personal Information and be aware of how you plan on using their Personal Information.
You must not misuse your Data Subjects Personal Information and safe guard it to ensure other third parties cannot misuse it as well.
The 8 Protection Principles of Lawful Processing:
- Accountability - see PoPI section 4
The Responsible Party’s needs to ensure that the conditions imposed by the Government have been properly complied with.
- Processing Limitation - see PoPI sections 4, 5, 6
Personal Information must be processed for the purpose for which it was obtained.
- Purpose Specification - See PoPI section 7
Information is only collected, used and stored for carefully defined purposes and time.
- Further Processing Limitation - see PoPI section 9
Personal Information can only be reused if this usage aligns with the original purpose of collection.
- Information Quality - see PoPI section 10
Personal Information usage must be guided by ‘quality over quantity’ and therefore a Responsible Party needs to ensure that the Information it manages is complete, accurate, not misleading in nature and updated wherever necessary.
- Documentation - see PoPI section 11
The Responsible Party should be fully compliant with PAIA - Promotion of Access to Information Act (2002), and ensure that no Information is collected unless the data subject fully understands and appreciates the implications of sharing their Information.
- Security Safeguards - see PoPI sections 13, 14, 15, 16
The Responsible Party needs to ensure all Personal Information is securely and safely stored and processed.
- Data Subject Participation - see PoPI section 17, 18, 19, 20
The Responsible Party should have measures in place to answer any questions about or update any data subjects Personal Information.
I Would Like More Information?
Please see "FAQ" for answers to common questions around the PoPI Act.
Please contact us with any further questions or queries you may have:
+27 21 782 0765 or +27 82 820 5338
Brought to you by Genesis Corporate