What is POPI?
POPI refers to the Personal of Information Protection Act of South Africa that seeks to regulate personal information processing. Personal information generally means any information relating to an identifiable, living natural person or legal person (companies, CCs, etc.) and includes, but is not limited to, any information relating to an identifiable natural person or legal person companies, CCs. Some of this information include, but is not limited to:
- Contact details: email, telephone, address etc.
- Demographic information: age, sex, race, birth date, ethnicity etc.
- History: employment, financial, educational, criminal, medical history
- Biometric information: blood type etc.
- Opinions of and about the person
- Private correspondence
Processing means broadly anything that can be done with the personal information, including collection, usage, storage, dissemination, modification or destruction (whether such processing is automated or not).
Why should I comply with POPI?
POPI encourages transparency as to what data is collected and how it should be processed. It is likely that this openness will increase customer trust in the organisation. Compliance with POPI includes capturing the minimum data required, ensuring accuracy, and removing data that is no longer needed. The overall reliability of organisational databases is likely to be improved by these measures. Compliance requires the identification of personal information and the adoption of reasonable data protection measures. This will reduce the risk of data breaches and the associated public or legal ramifications for the organisation. Non-compliance with the Act could expose the responsible party to a penalty of a fine and / or imprisonment of up to 12 months.
How can ERS help you?
- General consulting to assess, clarify and help you in your journey towards POPI compliance
- Conduct security GAP analysis to assess your environment and security posture to determine your compliance against POPI
- We can support you to carry out remediation plans highlighted in the GAP analysis to be compliant with the POPI Act
- Assistance to run POPI Awareness campaigns and online employee trainings.