With the legislation of certain sections of the POPI Act as of 01 July 2020 there is a 12-month grace period before penalties will start being handed out to non-compliant companies. Taking a proactive approach to becoming compliant is the best way to ensure your company doesn’t end up one of the unfortunate companies bearing the consequence of non-compliance.
The POPI Act has been incrementally rolled out since April 2014 and aims to provide a balance between the right to privacy and the right of access to and the free flow of information. The legislation requires the private and public sector organisations that process personal information to do so in a lawful manner, to ensure the safety of the information they have access to, protecting individuals from data breaches and information theft.
Here are some of the ways we’ve found that will help you become quickly compliant:
- Appoint and information officer
The position of information officer in an orgajsation would generally be the CEO unless the role has been delegated over to someone else. The information officer, under the new legislation is required to perform certain mandatory duties so, it is important as a first step to ensure that you have appointed an information officer.
- Empower your employees with compliance knowledge
Your weakest link is your least informed employee, so it is important to educate your employees regarding data privacy legislation as well as what is required of them. In order for compliance to be effective within your organisation it is important to get the buy-in from senior management and all the way down the chain of command.
- Identify gaps in your organisation’s information flow and implement SOP’s
By doing a gap analysis, it will help you identify which processes and policies need to be put in place for better data privacy. Once you have identified these gaps, you can put the necessary process and policies in place that will form part of your standard operating procedures. You may need to look at:
- Updating employment contracts
- Updating supplier agreements
- Updating marketing practices
- Implementation of POPI Manual within the workspace
- BYOD – A bring your own device policy
- A sharing of personal information policy
These are to name a few.
- Find tools that can help you manage your compliance
There are a vaeriety of tools on the market that can give you the guidelines and help you through the process of becoming compliant. There are also additional tools that help make compliance simpler. Even where and how you store your information (the server environment) plays a part in the compliance of your organisation so becoming compliant requires a look at all aspects of your business.
How can we help you with your compliance?
Technology plays a big part in the transfer of data between employees and also between your organisation and others. We have a variety of solutions that will help protect your business against data breaches and information theft. In addition, we provide hosting solutions in GDPR compliant hosting environments which automatically ensures those aspects of your business are compliant with POPI, due to the fact that GDPR is even stricter than our local policies. We also have document management solutions that help you share information throughout your organisation based on clearance levels to avoid information falling into the wrong hands. But, it’s better we show you the power behind these tools so, why don you give us a call.