
POPIA UPDATE


Gintan Luthuli Associates – here to get you POPIA compliant

The Gintan Luthuli Associates DIY POPI Compliance System will assist your organisation to meet the legislative requirements of the Protection of Personal Information Act efficiently and effectively. The system's documents and templates include 12 months of updates and support. The GLA system allows you to update policies and procedures, enabling fast POPI compliance.


Gintan Luthuli Associates have developed a legislatively based DIY POPIA system with editable templates and guides. It enables your business to benefit from our years of Risk Management expertise and puts you in control of your business compliance easily, expertly and in an understandable way that you and your employees can easily follow. The system includes training and awareness modules which decrease risk and change employee behaviour without the necessity of changing your existing business services and structures.

If required, GLA can assist organisations with implementation. We also offer consultancy and in-house implementation workshops with confidentiality guaranteed.

For EU-owned, South African-based businesses we are able to implement a combined GDPR and POPI compliant system.

All documents are in editable Microsoft Word and Excel formats.

There are five months left to become POPIA compliant, following the announcement by advocate Pansy Tlakula (the POPI regulator) of the commencement date for the additional regulations within the POPI Act. Every business that collects or stores personal information of persons needs to be compliant. These regulations need to be complied with before 1 July 2021.

• Have you formulated and designed your POPI system? Did you include the regulations?

• Have you implemented your POPI System?

• Is your Information Officer appointed?

• Are your Data Collection, Storage, Deletion and Non-Conformance Procedures in place?

If you have answered ‘NO’ to any of the above, then Gintan Luthuli Associates can assist. With less than five months left on the clock, we have formulated the simplest and fastest way to become compliant with the provisions of the Protection of Personal Information Act.

What is POPI?

POPI refers to South Africa’s Protection of Personal Information Act. This law regulates the “processing” of “personal information”.

“Personal information” means information relating to an identifiable, living natural person or juristic person (sole proprietors, companies, CCs etc.). This includes, but is not limited to:

• contact details: email, telephone, addresses etc.

• age, sex, race, birth date, ethnicity etc.

• history regarding medical, blood type, employment, financial, educational, criminal, biometric information

• private and business correspondence

“Processing” means what is done with the personal information collected, including usage, storage, dissemination to third parties, alteration or deletion (whether such processing is automated or not).

Personal information is an asset.

For most businesses, personal information is an asset. Whether it is central to their services or only used for marketing, there is value in having personal information that is of good quality (which is a condition of lawful processing) and is secure (another condition of lawful processing). The loss of or damage to this asset results in loss of trust and reputation, and can lead to loss of profit.

Some POPIA obligations are to:

• Collect only information required for a specific purpose.

• Apply security measures to protect the information.

• Only hold the information for as long as you need it.

• Allow the subject of the information to see their data held upon request.

When will I be affected by POPIA? Does POPI really apply to me?

Compliance with the Protection of Personal Information Act (POPIA), also known as the POPI Act, is mandatory for most organisations in South Africa. POPI makes it illegal to collect, use or store the personal information of consumers and businesses unless it is done in accordance with the laws and regulations prescribed in the Act.

The Act was signed into law in November 2013. The Information Regulator was set up in December 2016 and formalised in February 2017. The commencement date has been announced and is 1 July 2021.

Accountability for compliance rests with the responsible party, meaning a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

Non-compliance could expose the responsible party to penalties or fines including imprisonment of up to 12 months. In certain cases, penalties for non-compliance can be a fine and/or imprisonment of up to 10 years.
