◄BACK
|
POPI & PAIA RELATED SERVICES |
Practical book on POPI published by JUTA and authored by Francis Cronjé and David Taylor
|
The Protection of Personal Information Act (POPI) has far‑reaching implications for organisations and individuals who must comply with it. Those impacted by this all‑encompassing Act will have many questions. This book lists 101 of these questions and provides possible answers. It also contains the full text of the Act for easy reference. The new legislation affects organisations and individuals in different ways and across a wide spectrum of roles, from CEO to junior IT staff. The marketing department of an organisation, for instance, may need to know more about the appropriate processing of personal information for promotional purposes, while a multinational organisation may want to learn about how the Act relates to trans‑border information flows. This user‑friendly book makes the legislation accessible to people from the vantage point of their interests. |
|
POPI
Ф franciscronje.com was instrumental during the drafting and refinement of the Protection of Personal Information Act (POPI) and Francis Cronjé acted in an advisory capacity to Parliament's Technical Working Committee on POPI. He later provided further insight to the Portfolio Committee of Justice and Constitutional Development during the finalisation of POPI and also served on the National Council of Provinces (NCOP) advising on POPI. We have assisted various companies (banking, retail, insurance, medical schemes & administrators etc.) with their analysis and remediation efforts, and our tested experience will assist your organisation in achieving compliance through a practical approach. LARGE ENTITIES At an entry level, we offer privacy gap analyses to navigate you through your company's information hive, assessing any gaps in terms of the Protection of Personal Information (POPI) Act, whereafter we follow a 8 step remediation approach: * Define a mission statement, objectives and strategies; * Acquire executive buy-in; * Obtain in-house sponsorship; * Assemble an operational / project team; * Build a policy & privacy framework; * Raise awareness, train and communicate; * Facilitate the operation of the privacy program; * Test and improve Please note that the above approach is not cast in stone. Experience has taught us that by having our people on the ground within your organisation from the onset, will produce the best results, feeding off your organisation's unique business dynamics, robust culture and technical orientation. Without having a thorough understanding of the internal workings, theory and a pre-defined set of documentation, will yield no pragmatic results. Our approach is practical, risk-driven and therefore not merely compliance orientated, resulting in long-term solutions rather than quick fixes. In other words - POPI made Practical. SMMEs (Small Enterprises) Being small in size does not exonerate your sole-proprietorship, closed corporation, partnership, or company from POPI. POPI applies to everyone and although your employee count or existing customer database might seem small or irrelevant, know this "YOU ARE RESPONSIBLE FOR THE PERSONAL INFORMATION YOU PROCESS!" Remember, 2 HIV files lost might have far more serious complications than for instance the loss of 20 000 emails. So it is not about size, but about contextualization of the personal information you collect, use, retain, store and destroy. CONTACT US TODAY FOR FINDING THE RIGHT SOLUTION PAIA We assist organisations with the drafting of PAIA manuals in terms of section 51 of the Promotion of Access to Information Act of 2000. It is important to note that the manuals will significantly change in terms of the new provisions enacted by the Protection of Personal Information Act of 2012. Please contact us to facilitate a meeting. |
POPI in a nutshell
The Protection of Personal Information (POPI), or also more often in Europe referred to as Data Protection, is a concept that envolves the various measures that a natural or legal person ("responsible party") must take when Processing the Personal Information of another natural or legal person ("data subject"). Personal Information is best described as any information or set of information whereby a person can be uniquely identified (eg. your ID number, or your name, race, gender and age). The Processing thereof can be best defined as to include any action inferred on the Personal Information (e.g. the collection, storage, retention, deletion or destruction of the Personal Information). The EU drafted relevant legislation as far back as 1995 to cover the main principles regarding those measures and the legislation is loosely referred to as the EU DIrective on Data Protection. South Africa has well established privacy principles covered in its Common Law and the right to privacy is also well entrenched in its Constitution. This does however not vaguely lend itself to the measures covered by the EU DIrective's principles. Due to this constitutional right and the international importance of privacy, South Africa's Law Reform Commission was instructed to prepare legislation that was on par with its international counterparts. In 2009 the Protection of Personal Information Bill (POPI) was approved by Cabinet. In November 2013 POPI was enacted and we are now awaiting a commecement date. The Bill is made up of eight core conditions: 1. Accountability 2. Lawful Processing 3. Specific Purpose 4. Further Processing Limitation 5. Openness 6. Information Quality 7. Security Safeguards 8. Data Subject Participation The time needed by companies to become compliant with such onerous legislation can vary from company to company, ranging from the number of data subjects all the way down to the complexity and sensitivity of the personal information being processed. From our experience, it has become clear that years, rather than months are required to strive for eventual compliance. Our methodology is project driven, utilising years of experience, professional agility and skills, solution orientated concepts coupled with a thorough understanding of your organisation's environment. |