6 tips for easy POPIA compliance

21 Sep 2020

The South African Constitution enshrines the right to privacy, which the Protection of Personal Information Act (POPIA) gives effect to, safeguarding personal information. POPIA, which commenced on 01 July 2020, seeks to balance the right to privacy against other rights such as the right of access to, and the free flow of, information.

Private and public sector organisations that process personal information need to do so in a lawful manner, ensuring the safety of the information they have access to, protecting individuals from data breaches and information theft.

Signed into law in 2013, the Act has been implemented incrementally since April 2014, and while it allows for a 12-month period for complete compliance, it stands to reason that both the private and public sector should attempt to comply as soon as possible to protect the rights of individuals.

Ezra Pillay (LLB), Compliance Specialist: Data Protection and Technology at LexisNexis South Africa, offers 6 Tips for Easy POPIA Compliance:

• Appoint your team: Depending on the size, scope, and function of your organisation, appoint either a dedicated POPIA compliance officer or a full team.
• Assign responsibilities: Determine who is responsible for the processing, storing, managing or destruction of personal information that your organisation holds, including past and present clients.
• Upskill personnel: Train the personnel identified and ensure that your IT service provider is compliant. Sign up for the free POPIA Webinar series, presented by POPIA expert Ahmore Burger-Smidt. Click here to register.
• Subscribe to tools: Lexis Assure, from risk and compliance experts, LexisNexis provides Checklists and Alerts, ensuring that you not only “Tick” each of the relevant boxes, but stay up to date with changes in legislation.
• Get resources: Learn what type of information is governed by POPIA, and what exemptions exist. For a comprehensive understanding, purchase A Commentary on the Protection of Personal Information Act from the LexisNexis bookstore. Authored by Yvonne Burns and Ahmore Burger-Smidt, it is the first South African publication that covers the requirements for compliance, setting out the powers of the Information Regulator, possible fines, compensation, and damages. The title also looks at the impact of POPIA on employment law; non-automated and automated decision-making; outsourcing of processing; marketing and direct marketing; credit reporting and the Internet amongst others.
• Get guidance: Sign up for access to expert guidance with Lexis Practical Guidance. POPIA matters sit within the IT and Data Protection area of Lexis Practical Guidance, providing detailed step-by-step guidance on data protection in South Africa and internationally. Deconstructing the specifics of the Act, the tool offers an easy to understand “how to guide”, explaining what needs to be prioritised and what aspects of the Act apply to your organisation.

Avoid penalties, reputational damages and putting your clients at risk. Get access to tools that provide detailed and understandable commentary, with practical checklists in plain, understandable language, helping you to ensure compliance.

See also:

• POPIA: Focus on consent and legitimate interest
• The search for your Information Officer begins now
• Protection of Personal Information Act finally commencing on 1 July 2020
• Is your organisation POPIA ready?
• PoPIA Regulations – Responsibilities of the information officer
• POPIA’s effective date released

(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)