The Protection of Personal Information Act (PoPIA) is already in effect, and businesses have until the end of June 2021 to be compliant. A business’ risk exposure or urgency depends on the type of data the organisation works with. If they make use of “Personal Information” and “Special Personal Information” (PI/SPI), they have a few days left to become fully compliant.
There are many variables at play when determining risk, so keep in mind that it also depends on the amount of data, the size of the organisation, risk exposure, and what controls are in place. If they make use of little or no PI/SPI, then it shouldn’t take too much effort to “clean house”.
No matter which industry businesses are in, they will be affected by PoPIA. For those that have not started this journey already, they will need to have a detailed roadmap with identified compliance gaps, as well as resource availability to execute on becoming fully compliant.
If they haven’t started yet, what are the first steps?
- Understand what is “Personal Information” and “Special Personal Information” (PI/SPI)
- Identify all PI/SPI in the organisation (think customers, employees and vendors)
- Understand what legal data retention periods are for all identified PI/SPI
- Assess all processes, procedures or systems that use PI/SPI for PoPIA compliance (document all relevant information flows)
- Assess all policies and legal agreements for PoPIA compliance
- Ensure there is a Data Breach Playbook
- Ensure there is a mechanism to obtain consent from data subjects as well as a mechanism which will allow them to request their data
- Document all efforts towards becoming compliant (have a portfolio of evidence)
- Appoint an Information Officer
- Train all staff and create awareness
- Conduct a Cyber Security Audit
Is there a checklist that you can share to be in a state of preparedness?
The steps listed above should get a business to a state of preparedness, but moving forward, I suggest that organisations makes use of an online assessment tool through iOCO, www.popitools.co.za. when creating new or updating existing processes, procedures or systems. Don’t think this is a once off exercise. Organisations will need to ensure that they train and educate teams regularly, and need to make sure that they test their controls on a regular basis. Prevention is better than cure.
By Sarita van der Walt from Wonga
More Stories
AFRICA.COM: Live From The World Economic Forum In Davos
When Times Are Tough, Micro-Savings Can Provide Some Certainty
Food Price Inflation: Are We Watching “That 70’s Show”?
Five Ways IT Companies Can Grow In Africa
Staple Foods Are Fast Disappearing From The Table Of millions Of South Africans
Beyond Grades: The Crucial Skills Required For Future Success
Higher Inflation: What It Means And How To Survive It
Five Ways To Improve Your Financial Fitness Today
Fear Of Job Loss Is Impeding South Africa’s Digital Transformation
Eco-Logic Awards: Call To Entry Deadline Extended
Take The Sting Out Of The Needs
Debt, Savings And Retirement – The Budget Address We Should Be Having With Ourselves