The Protection of Personal Information Act (PoPIA) is already in effect, and businesses have until the end of June 2021 to be compliant. A business’s risk exposure or urgency depends on the type of data the organisation works with. Businesses that make use of “Personal Information” and “Special Personal Information” (PI/SPI) have a few days left to become fully compliant.
There are many variables at play when determining risk, so keep in mind that it also depends on the amount of data, the size of the organisation, risk exposure, and what controls are in place. If a business makes use of little or no PI/SPI, then it shouldn’t take too much effort to “clean house”.
No matter which industry businesses are in, they will be affected by PoPIA. Those that have not started this journey already will need a detailed roadmap with identified compliance gaps, as well as the resources available to execute on becoming fully compliant.
If they haven’t started yet, what are the first steps?
- Understand what “Personal Information” and “Special Personal Information” (PI/SPI) are
- Identify all PI/SPI in the organisation (think customers, employees and vendors)
- Understand what the legal data retention periods are for all identified PI/SPI
- Assess all processes, procedures or systems that use PI/SPI for PoPIA compliance (document all relevant information flows)
- Assess all policies and legal agreements for PoPIA compliance
- Ensure there is a Data Breach Playbook
- Ensure there is a mechanism to obtain consent from data subjects as well as a mechanism which will allow them to request their data
- Document all efforts towards becoming compliant (have a portfolio of evidence)
- Appoint an Information Officer
- Train all staff and create awareness
- Conduct a Cyber Security Audit
Is there a checklist that you can share to be in a state of preparedness?
The steps listed above should get a business to a state of preparedness, but moving forward, I suggest that organisations make use of an online assessment tool through iOCO, www.popitools.co.za, when creating new or updating existing processes, procedures or systems. Don’t think this is a once-off exercise. Organisations will need to ensure that they train and educate teams regularly, and need to make sure that they test their controls on a regular basis. Prevention is better than cure.
By Sarita van der Walt from Wonga