more info

POPI Act Non-Compliance?

What happens if you are not Popi compliant?

If you fail to comply with the POPI Act, whether intentional or accidental, you can be liable for an administrative fine of up to R10 million or 10 years in jail.

If your clients are impacted by a data breach, POPIA even empowers them to take civil action for damages and your reputation may be harmed.

Why should you comply with POPI Act?
The POPI Act requires businesses to regulate how information is organised, stored, secured, and discarded. This ensures that the business can maintain the integrity and confidentiality of its clients’ and employees’ personal information by preventing loss, damage, and unauthorised access to the personal data.
What happens if you are not Popi compliant?
Put simply, you will not be able to work with other companies if your company does not respect personal information. Your reputation is harmed. A data breach almost always results in reputational harm. Employers should comply relevant requirements of POPIA. By failing to do so, employers are at the risk of imprisonment of up to 10 years and/ or fines of up to R10 million or being liable for damages.
What is Popia compliance?
Compliance to the Protection of Personal Information Act (POPIA), also known as the POPI Act, will be mandatory for most organisations in South Africa. As the Information Regulator develops the POPI Regulations further, so the dates and requirments will become clearer.
Who has to comply with Popia?
The Act applies to any person or organisation who keeps any type of records relating to the personal information of anyone, unless those records are subject to other legislation which protects such information more stringently.
How do you comply with POPI Act?
Five easy steps to POPI compliance
  1. Appoint or reassess the role of the information officer.
  2. Create awareness.
  3. Personal information impact assessment, like the POPIA Website Assessment Tool.
  4. Develop a compliance framework, which can include processes and policies. …
  5. Get quotes if needed and run implementation strategy.
What is the purpose of Popia?
The Protection of Personal Information Act 4 of 2013 (POPIA) is the comprehensive data protection legislation enacted in South Africa. POPIA aims to give effect to the constitutional right to privacy, whilst balancing this against competing rights and interests, particularly the right of access to information.
What is the difference between Popi and Popia?
POPI is short for the protection of personal information (a topic) as opposed to POPIA which is short for the Protection of Personal Information Act (the Act). … They are both topics which refer to the protection of personal information or data, and can be used interchangeably.
Is Popi Act in effect?
After 8 years, the POPI Act is fully enacted on 1 July 2021
Who is the information regulator Popi?

Image result for How do I report a Popi violation?

The Information Regulator is a new regulator that has been created by the Protection of Personal Information Act (POPI Act). POPI gives the Information Regulator teeth – it has extensive powers to investigate and fine responsible parties.
Why was the Protection of Personal Information Act 2013 introduced?
To promote the protection of personal information processed by public and private bodies; to introduce certain conditions so as to establish minimum requirements for the processing of personal information; to provide for the establishment of an Information Regulator to exercise certain powers and to perform certain tasks.
What are the six lawful basis for processing?
The law provides six legal bases for processing: consent, performance of a contract, a legitimate interest, a vital interest, a legal requirement, and a public interest. First, most organizations ask if they have to have consent to process data.
What are the 8 principles of Popia?
Principle 1: Accountability. Principle 2: Processing Limitation. Principle 3: Purpose Specification. Principle 4: Further Processing Limitation

There are 8 to 10 things to consider with getting the POPIA Compliancy in place.

Almost all organisations are faced with the challenge of achieving and maintaining compliance with the Protection of Personal Information Act No. 4 of 2013 (POPI Act). This handy checklist provides a proven step-by-step forty-action-point approach to compliance.

1. Formalise your POPI Act compliance project

  1. Identify your relevant stakeholders
  2. Identify your project sponsor
  3. Identify your project manager
  4. Set high level scope, timescale, budget

2. Appoint an Information Officer

  1. Ensure alignment between your Promotion of Access to Information Act (PAIA) and POPI Information Officer (IO)
  2. Decide whether the CEO can fulfill the IO function or needs a Deputy/Deputies (DIO)
  3. Agree IO/DIO  roles and responsibilities
  4. Complete the formal appointment process

3. Perform a gap analysis versus the POPI Act

  1. Set interim and final targets for compliance with the POPI Act. This does not mean slavishly shooting for 100% regardless of costs and benefits!
  2. Engage with stakeholders in the assessment
  3. Use an evidence-based approach
  4. Use the assessments for ongoing compliance monitoring

4. Analyse what and how Personal Information is processed

  1. Use a broad definition of record types as per the POPI Act (e.g. CCTV, biometric)
  2. Look at various aspects as required by the POPI Act (including consent, purpose, source, sharing, destruction)
  3. Consider user rights and their management
  4. Think broadly in terms of the types of devices where data is stored – and represents a security compromise risk

5. Implement POPI Act compliance policies

  1. Review existing relevant policies
  2. Ensure your policies are reasonable and appropriate
  3. Make sure your policies are enforceable
  4. Design your Privacy Notices for diverse stakeholder groups

6. Review your web sites

  1. Run the POPIA Website Assessment Tool
  2. Get a quote to get your website POPIA ready.
  3. Implement POPIA compliancy strategy & tools on your website.
  4. Use the opportunity to implement “best practice” such as Cookie notifications
  5. Develop and implement your remediation plan

7. Update / create your PAIA manual

  1. Confirm your organisation needs a Promotion of Access to Information Act (PAIA) manual and by when
  2. Confirm whether you are a Public or Private Body as per the PAIA
  3. Review the proposed contents of your manual
  4. Ensure your PAIA manual follows the prescribed layout and includes the necessary details

8. Implement POPI compliant PI management processes

  1. Look at the PI lifecycle: including acquisition, processing, retention, and destruction practices
  2. Develop reasonable and appropriate measures to ensure ongoing compliance
  3. These could include self-assessments, health-checks, formal audits
  4. Develop your dashboard for compliance

9. Train stakeholders about their roles in POPI Act compliance

  1. Design training according to their needs
  2. Ensure you treat user education not as a once-off series of activities but part of an ongoing commitment
  3. Leverage diverse training methods, including self-study, online, classroom, audio and video
  4. Look to special needs such as the IO/DIO roles

10. Make POPI Act compliance  “Business-As-Usual”

  1. Recognise that POPI Act compliance will be the “new normal” and work that way
  2. Build compliance into your products, services and processes – adopt “Privacy By Design”
  3. Ensure ongoing monitoring of the data protection / POPI ecosystem – legislation, regulations, opportunities and threats
  4. Build POPI into your everyday operations – make POPI “Business-As-Usual”

Let’s Get Started

Ready To Comply? Let's help you now!