Compliance with South African POPI Acts


Compliance with South African POPI Acts www.tdw.co.za Ebook Developed by Virginia Hendricks

THE POPI ACT
Compliance entails: Ensuring that your organisation is abiding by both your own industry regulations and government legislation.

Compliance
Compliance = Role of Top Management
They are responsible for setting an organisation's direction and communicating priorities to employees and stakeholders. These include linking records management to the organisation's requirements and goals, and understanding the risks associated with inadequate records management.

Compliance
Records Management Programme
Sound records management exists within the same regulatory framework that requires and governs good governance, accountability and transparency. At The Document Warehouse we offer a range of Records Management and storage solutions, with secure storage and record solutions that keep our clients' and their clients' information secure, whether it's paper, electronic or data. The Document Warehouse prides itself on top-notch barcoding techniques that safeguard you and your company's information.

Compliant with legislation?
Being compliant with legislation requires that organisations manage and control their records, from the time they are created to their eventual disposal or preservation of information.

Is Your Organisation Compliant With Legislation?
Compliant Checklist
Is your Records Management programme able to meet compliance requirements of security, regulations, principles and standards?
Are your emails and web pages managed as records?
Can you find the right documents and records when you need them?
Do workflow and business processes work with documents and records management to help increase efficiency within your company?

Non-Compliance!
Records Management is about attaining a records management benchmark of best practice, i.e. ISO 15489.
Best Practice of a Records Management Programme
Policies, Procedures (SOP);
Business Classification System/Naming Convention for files/records;
Retention and disposal schedule for records;
Continuous Records Management Training to all employees.

Your organisation cannot be compliant if your records are not being managed properly!
Virginia Hendricks, National Training Consultant, The Document Warehouse
Dedicated to service
The Document Warehouse (TDW) is about helping organisations become compliant. We are passionate about managing your company records and are here to help you with your records management.

Protection of Personal Information Act 4 of 2013
Companies will soon be required to comply with the stringent Protection of Personal Information (POPI) Act. This is going to regulate how we handle, store and secure personal information. The POPI Act was signed into law during November 2013; the commencement date will be announced later this year! However, one should start implementing solutions now to avoid fines or prosecution.
Disclaimer: Information shared and distributed relating to POPI is based on The Document Warehouse internal employees' interpretation of the Act and information available in the public domain. The Document Warehouse does not profess this information to be a conclusive or comprehensive formal guide to POPI. People should at all times refer to the Act itself.

Who Must Comply?
Personal information / entity, His or her or its
Purpose of the Act
Promote the protection of personal information
Introduce certain conditions
Establishment of an Information Regulator
Perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act
Issuing of codes of conduct
Rights of persons regarding unsolicited electronic communications
Regulate the flow of personal information across the borders of the Republic

Purpose Of POPI
POPI brings the country in line with international laws on privacy:
Data Protection Act 1998 (United Kingdom)
Data Protection Directive (European Union)
Data protection and privacy laws (Russia)
Electronic Communications Privacy Act (United States)
Personality rights
Privacy Act of 1974 (United States)
Privacy Act 1988 (Australia)
Right to be forgotten
Protection of Personal Information Act 4 of 2013 (SA)

8 Core Conditions To POPI
1. Accountability
2. Processing Limitations
3. Purpose Specifications
4. Further Processing
5. Information Quality
6. Openness
7. Security Safeguards
8. Data Subject Participation

1. Accountability
Define the purpose of the information gathering and processing: Personal information must be collected for a specific, explicitly defined and lawful purpose that is related to a function or activity of the company concerned.
2. Processing Limitations
Take steps to notify the data subject: The individual whose information is being processed has the right to know this is being done and why. The data subject must be told the name and address of the company processing their information. In addition, he or she must be informed as to whether the provision of the information is voluntary or mandatory.
The processing must be lawful: Personal information may only be processed if it is adequate, relevant and not excessive given the purpose for which it is processed.

3. Purpose Specifications
Purpose Specification
Personal information must not be retained any longer than is necessary; personal information must be destroyed or deleted as soon as the purpose for collecting the information has been achieved.
4. Further Processing
Further Processing Limitation
The rationale for any further processing: If information is received via a third party for further processing, this further processing must be compatible with the purpose for which the data was initially collected.

5. Information Quality
Information must be complete and should never be misleading. At the same time information should be relevant and updated on a regular basis. All information must be accurate and credible at the time of acquiring it. This will ensure that quality information is collected, managed and stored correctly.

6. Openness
Audit the processes used to collect, record, store, disseminate and destroy personal information: Companies must ensure the integrity and safekeeping of personal information in their possession or under their control. They must take steps to prevent the information being lost or damaged, or unlawfully accessed.
7. Security Safeguards
Security measures on integrity and confidentiality of personal information by taking appropriate, reasonable technical and organisational measures to prevent loss of, damage to, access to, personal information.

8. Data Subject Participation
Access
Part A
Access to personal information
Correction of personal information
Manner of Access
Part B
Process and Authorisation concerning data subject's:
Religious and philosophical beliefs
Race or ethnic origin
Trade union membership
Political persuasion
Health or sex life
Criminal behaviour or biometric information
Part C
Processing of information of children

Notify the Information Protection Regulator: When POPI is enacted and a Regulator established, organisations processing personal information will have to notify the Regulator about their actions. They will also have to notify the Regulator of any requests for information (PAIA) and/or personal information (POPI).

What happens if you don't comply?
Suffer reputational damage
Lose customers and fail to attract new ones
Pay out millions in damages to a civil class action
Be fined up to R10 million or face up to 10 years in jail
This is serious, you need to take action now.
Raise your awareness
Raise employees' awareness

Is Your Business Compliant?
Are you ready to implement the POPI Act into your business, to safeguard your information and records? The Document Warehouse has the right solution for you. Book your POPI Workshop with our training academy by calling us or visiting our website for more information. Let us help you get ready before it's too late.

The Document Warehouse
South Africa's Professional Document Solution Leaders Since 1992
Our Team Are Ready To Assist You