Implementing PoPI: How the PoPI Act affects you and your business
The Act lists the following eight “conditions for the lawful processing of personal information”, each containing their own sections:
- Accountability
- Processing limitation
- Purpose specification
- Further processing limitation
- Information quality
- Openness
- Security Safeguards
- Data subject participation
These conditions and their implications for business are discussed in more detail in the following sections along with some practical guidelines on their implementation in practice. Please note that there are many other considerations and responsibilities beyond these eight conditions, as covered in our discussion points below.
Fortunately the implementation of PoPI in your business does not have to be an onerous or even difficult task if you have implemented a business nervous system in your business. At WorkPool we believe that the PoPI legislation should be embraced and implemented in the spirit it was intended; as its goal is to bring about a positive change and much needed protection for all. Furthermore, implementing PoPI creates anopportunity to simplify, review and streamline your business operations, policies and processes based on sound business practices and to embrace appropriate and cost effective technological solutions. If you embrace this legislation early there could be many benefits, including cost savings and automation. Remember, you only have one year to do so…
Breaking the PoPI Act down into practical steps and considerations:
- Accountability: Up to R10 million in fines or 10 years in jail!
- Collecting and Recording of Personal Information
- Ensuring the Quality of Information: “Be careful what you ask for as you just might get it”
- Access to your own Personal Information: “Be careful what you record as you might just have to share it”
- Retention and restriction of records: “Be careful what you record as you might just have to delete it”
- Further Processing and Conduct: “Congratulations, you have just won the lotto”
- Disclosure/Notification: “Oops… sorry to HAVE to tell you… but we’ve lost your data… again…”
- Complaints Process: “Guilty until proven innocent”
- Safeguarding Data: “The chain is only as strong as the weakest link”
Leave a Reply
Want to join the discussion?Feel free to contribute!