Upload File

final popi act regulations published - what you

4
Final POPI Act Regulations published - what you should know Businesses operating in South Africa are presently facing the enactment of the Protection of Personal Information Act 4 of 2013 (POPI Act) and accompanying Regulations. During December 2018, the final POPI Act Regulations were published by the Information Regulator. Compliance with the POPI Act will soon be mandatory for all organisations in South Africa. Although the final POPI Act Regulations have been published, the commencement date still needs to be determined by the Information Regulator. We will keep you updated in this regard. What are the objectives of the POPI Act?

Upload: others

Post on 03-Jan-2022

2 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Final POPI Act Regulations published - what you

Final POPI Act Regulations published - what you should know

Businesses operating in South Africa are presently facing the enactment of the Protection of Personal Information Act 4 of 2013 (POPI Act) and accompanying Regulations.

During December 2018, the final POPI Act Regulations were published by the Information Regulator. Compliance with the POPI Act will soon be mandatory for all organisations in South Africa. Although the final POPI Act Regulations have been published, the commencement date still needs to be determined by the Information Regulator. We will keep you updated in this regard.

What are the objectives of the POPI Act?

Page 2: Final POPI Act Regulations published - what you

The main objectives of the POPI Act are to control the processing of personal information and provide data protection in a robust effort to align all South African data protection laws with international standards.

The POPI Act Regulations do not provide practical guidance on how to comply with the POPI Act. Although there are no clear controls, the responsible party remains accountable for adhering to the conditions applicable to their specific workplace and industry.

What documentation relates to the processing of information as per the POPI Act?The recently published regulations contain a number of prescribed forms relating to the processing of information, for example–

a form for raising objections to the processing of personal information;requests for the correction or deletion / destruction of personal information;an application for issuing a code of conduct;a request for the data subject’s consent to process personal information for the purposes of direct marketing;

* Section 6 of the POPI Act Regulations specifically addresses the consent for processing personal information. The Regulations are vague on the specific method or prescribed form in different situations, but this section deals with the consent for direct marketing by electronic communications only. This means that you do not need to obtain written consent for every data subject. You only need a record of some form of consent, which includes voice recordings.

a submission of complaint, appeal, enforcement and assessments;a form for the Regulator acting as conciliator during investigation;pre-investigation proceedings of the Regulator;a form for informing the parties of developments regarding investigations, etc.

What are the responsibilities of an Information Officer as per the POPI Act?

https://www.serr.co.za/a-checklist-when-preparing-for-popi-and-data-laws
https://www.serr.co.za/a-checklist-when-preparing-for-popi-and-data-laws
https://www.serr.co.za/a-checklist-when-preparing-for-popi-and-data-laws
Page 3: Final POPI Act Regulations published - what you

The responsibilities of the Information Officers are also set out in more detail and include the development of a compliance framework amongst other duties. Below find a list of responsibilities for the Information Officer. The Regulator included a section on the responsibilities of the Information Officers and emphasises 5 (five) key responsibilities:

The Information Officer must ensure that a compliance framework is developed, implemented monitored and maintained in line with the conditions of the POPI Act.The Information Officer must ensure that a personal information assessment is conducted so that adequate measures and standards are applied.The Information Officer must ensure that a manual is developed, monitored, maintained and made available as prescribed by the Promotion of Access to Information Act (PAIA).The Information Officer must ensure that internal measures are developed, with a system to process requests or access to information.The Information Officer must ensure that internal (staff and management) awareness sessions are conducted.

Whilst the main focus of the POPI Act is on compliance, our approach at SERR Synergy is to implement compliance in such a way that it provides business value to our clients and allows for improvement in efficiencies and effectiveness by meeting the compliance requirements.

About the Author: Retha van Zyl completed her BCom Hons (Economics and Risk Management) studies at the North West University. She joined our team in January 2016 and currently holds the title ‘Information Compliance Advisor’. She specialises in POPI and PAIA compliance, which includes compiling and submitting PAIA manuals to the Human Rights Commission. She also compiles and implements Information Security Management System (ISMS) to identify risks associated with information security in each department within an organisation.

Sources:

https://www.michalsons.com/blog/popi-regulations-popia-regulations/12417

http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf

https://www.financialinstitutionslegalsnapshot.com/2018/12/protection-of-personal-information-act-regulations-published/

https://www.serr.co.za/popi-act-5-top-questions-answered/
https://www.michalsons.com/blog/popi-regulations-popia-regulations/12417
http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf
http://www.justice.gov.za/inforeg/docs/20181214-gg42110-rg10897-gon1383-POPIregister.pdf
https://www.financialinstitutionslegalsnapshot.com/2018/12/protection-of-personal-information-act-regulations-published/
https://www.financialinstitutionslegalsnapshot.com/2018/12/protection-of-personal-information-act-regulations-published/
Page 4: Final POPI Act Regulations published - what you

http://www.popiact-compliance.co.za/

http://www.popiact-compliance.co.za/

2014 f1 Technical Regulations - Published on 20.07

POPI and PAIA Manual - Irene Country Club

Dr. Popi KONIDARI Research Fellow of KEPA

POPI & Direct Marketing Principles - Course Overview and Direct... · Course Overview | POPI ACT and Direct Marketing Principles | onlineacademy.co.za 3 COURSE DURATION HOUR MODULES

POPI Acts South African Compliance withthedocumentwarehouse.com/.../2017/05/TDW-eBook-POPI... · The Document Warehouse | | 011 298 0700 Compliance with South African POPI Acts Ebook

The 4-Ps of POPI - IT Conferencesitconferences.net/wp-content/uploads/2017/03/Caroline-Mouton.-POPI...Corporate governance of information ... governance itself, usually requires significant

IITPSA - POPI impact on IT 19092013 - Actualising Changemobiusconsulting.co.za/.../09/IITPSA-POPI-impact-on-IT-19092013.pdf · Background - Overview of the 8 POPI conditions! 1) Accountability!

POPI Act compliance presentation

Fellowes POPI Catalogue

POPI Update 2013

Protection of Personal Information (PoPI) - c.ymcdn.comc.ymcdn.com/sites/ · Click to edit Master title style 1 Protection of Personal Information (PoPI): Impacts & an Implementation

Popi becomes law briefing slides

Imperva SecureSphere Data Security - Secure Networks...Meet compliance requirements SecureSphere helps organizations address compliance regulations including GDPR, PCI DSS, SOX, POPI,

Protection of Personal Information Bill (POPI)

PRIVACY POLICY - POPI 2020/2021 - Stratum Benefits

Form 01.2 POPI & PAIA Compliance Project Plan

POPI and Email Marketing

updated based on TESDA Training Regulations published

POPI Seminar FINAL

Popi polizopoulou | Make Up Artist

The Protection of Personal Information Act. Overview In a Nutshell Purpose of POPI Scope of POPI Concepts Conditions for Processing Special PI Transborder

Program on the Pharmaceutical Industry (POPI) - MITweb.mit.edu/popi/overview.pdf · 1 Program on the Pharmaceutical Industry (POPI) Founded in 1991 with a major grant from the Alfred

How does PoPI Act affects Marketing and Communication ...mace.unizulu.ac.za/wp-content/uploads/2015/10/POPI-Presentation... · How does PoPI Act affects Marketing and Communication

The Protection of Personal Information Act (“POPI ACT ... · Globally active October 20, 2017 The Protection of Personal Information Act (“POPI ACT“) Austrian Business Chamber

THE PROTECTION OF PERSONAL INFORMATION ACT (POPI)pdsymposium.co.za/wp-content/uploads/2016/06/POPI-Act-Ulundi...Protection of Personal Information Act (POPI ) Constitutional roots

Protection Of Personal Information (POPI) Act

Guide To Navigating POPI - everlytic.co.za · Guide To Navigating POPI 3 The introduction of the Protection of Personal Information Act (POPI) puts the onus on companies and individuals

PROTECTION OF PERSONAL INFORMATION ACT (POPI ACT)

Werksmans presentations on popi

Sailpoint - POPI impact on IT 10102013mobiusconsulting.co.za/.../09/Sailpoint-POPI-impact-on-IT-10102013.pdf · Background - Overview of the 8 POPI conditions! 1) Accountability!

POPI Act AND eia

The POPI Act - NAMA

POPI - Protection of Personal Information act

What should you be asking? POPI - NWU · POPI IS LAW Does the POPI Act apply to the University? the POPI Act is applicable to every business in South Africa that collects, uses, stores

Popi and Paia Manual - Barloworld