THE POPI 360 SOLUTION
Red Edge Solutions, an ICT solutions provider with emphasis on governance and compliance, and EOH Legal Services, an industry expert in regulatory compliance, have partnered to offer businesses a complete POPI compliance solution.
As POPI will not only impact your business from a legal perspective, but also from a business process perspective, we have identified a step by step solution that will not only assist with legal compliance, but will also aid your business in adjusting its current business policies and processes. This 360 Solution also allows for software solutions where required.
Step 1: POPI awareness Training:
These training sessions are essential for providing an overview of POPI, and why it is imperative to regulate the manner in which personal information is processed. Business processes and information systems that are likely to be impacted, as well as the consequences of non-compliance, are also discussed.
Step 2: Identification and analysis of existing business policies and procedures:
A GAP analysis of your business’ existing policies and business procedures will be conducted and compared to the requirements of POPI and all other legislation which provides for personal information. Client and employee interactions will be the main focus areas. The POPI 360 Solution also provides for the drafting or amending of relevant policies and business procedures, if required.
Step 3: Align existing business policies and procedures with regulatory requirements:
Drawing from the GAP analysis, results, areas of potential risk will be identified and a customised solution to align your business’ existing business policies and procedures with regulatory requirements are presented.
Step 4: Update IT Systems:
The POPI 360 Solution provides for the updating or changing of existing IT systems, as well as for new IT infrastructure implementation if and when required. The necessary expertise could be provided for the amendment of the IT systems.
Step 5: Amendment of manual: Promotion of Access to Information Act (PAIA)
To provide for the amendments required by POPI, your company’s PAIA manual will be amended.
Step 6: Implementation training:
All relevant employees will be trained regarding the changes to business processes, policies and systems.
THE 8 COMPLIANCE CONDITIONS
1. Accountability Ensure that all the principles contained in POPI and all the measures that give effect to these principles are complied with.
2. Processing Limitation Personal Information may only be processed in a fair and lawful manner and only with the consent of the data subject.
3. Purpose Specification Personal Information may only be processed for specific, explicitly defined and legitimate reasons.
4. Further Processing Personal Information may not be processed for a secondary purpose Limitation unless that processing is compatible with the original purpose.
5. Information Quality How do you ensure accuracy of personal information?
6. Openness The data subject whose information you are collecting must be aware that you are collecting such personal information.
7. Security Safeguards Personal information must be kept secure against the risk of loss, unauthorised access, interference, modification, destruction and disclosure.
8. Data subject Data subjects may request whether their personal information is Participation held, as well as the correction and / or deletion of any personal Information held about them.
POPI – Is your business ready to comply?