Compliance with POPI act

D4rkest_Light

New Member
Joined
Jun 12, 2014
Messages
4
Reaction score
0
Location
Centurion
I am trying to assist a friend that does not know a lot about IT. What does a company needs to do exactly to comply with the POPI act?
 
I am trying to assist a friend that does not know a lot about IT. What does a company needs to do exactly to comply with the POPI act?

POPI Act is basically, in short, just how a company deals with personal identifiable information, what measures are taken to protect the information and preventing unauthorized access to the data. Also, how the data is gathered, how permission was obtained, where required, and proof that the data subject gave permission to process his or her personal identifiable information.

If you run an online website, you need to be sure to have an extremely comprehensive Privacy Policy, explaining in detail, to visitors what information you collect on them and how the information will be processed and dealt with. This should also include a description of what third-party services, like Google, will collect if you make use of them on your webiste. In addition to this, you need to have a working system where visitors can choose which information they agree to being collected an what not. The Information Regulator will no longer accept just a simple Privacy Policy and terms stating by "using the site you agree to the Privacy Policy". Without offering the visitors an option to opt out, you may find yourself defending a case against you in the High Court.

As mentioned above, read the act. There are various requirements, such as employing a full time compliance officer or even nominating yourself as one. Having a dedicated contact method where people can contact you and request what information you have available on them and how it was obtained. If they need proof of permission, you need to provide that proof that they gave you permission to process their data. If there is a request to remove data, you need to ensure it is done with immediate effect, and much more. You need to adhere to all the requirements in order to stay compliant.

No matter what security and steps you take, but in 100% of breaches, you will be held liable and will pay some sort of penalty. The penalty will mainly be in relation to the security measures you have taken. Unfortunately, when it comes to acts like POPI in SA and GDPR in the UK, there are no clauses for being acquitted. You will be held responsible, legally for each and every data breach.

If your friend is still unsure, you need to urgently get hold of some consultant service to guide you through the process of becoming compliant.
 
Last edited:
Top
Sign up to the MyBroadband newsletter
X