Let’s not beat around the bush: POPI compliance is now part of the business legal insurance requirements for any SA company trying to stay ahead of the game. We offer a brief overview of the POPI act, but you should check in with your lawyer (made affordable with business legal insurance) to make sure you are on top of your company’s information processing policy.
What is POPI?
The Protection of Personal Information Act (POPI) sets conditions for responsible parties to lawfully process the personal information of data subjects. This doesn’t mean this act stops you from processing and doesn’t require you to get consent from data subjects to process this information. Most of these responsibilities fall to an information officer appointed by each company.
Taking a page from the EU’s GDPR, POPI is South Africa’s information protection counterpart. As such, if your company is already GDPR-compliant, you’re almost entirely POPI-compliant. However, the biggest difference between these two pieces of legislation is that, while the GDPR relates to the personal information of individuals, POPI extends its protections to legal entities. This means it protects information collected on companies and corporations as well as the data of individuals.
How To Apply POPI In Your Business
Nominate An Information Officer
After deciding what information you are looking to collect, how to process it, and how POPI will impact your business, you must appoint someone who fully understands the law and your data practices.
If your company doesn’t have an information officer yet, the CEO of the company fills the role by default. However, it’s rare for CEOs to have that kind of time on their hands. Don’t make a mistake – there is more to being an information officer than meets the eye, so rather get a dedicated professional on the case.
Perform A POPI Gap Analysis
As mentioned earlier, if yours is one of the companies that jumped on board with the GDPR regulations, you’re already halfway to being POPI-compliant. If you haven’t already, run a gap analysis on your company and check to see where you’re still falling short. Speak to your company’s legal aid and find out what IT infrastructure and personnel resources should be put in place to allow you to play in the big leagues under this new legislation.
Complete Risk Assessments
The old saying that “knowledge is power” may be running the show for now, but data is what decides the real winners in this game. To this end, you need to make sure you’re pulling out all the stops to ensure any and all data entrusted to your company is kept safe. Bring in your business legal aid to help you assess your security policies.
Draft New Policies And Update Existing Documents
POPI requires organisations to update their existing policies and potentially create new ones. With the help of business legal insurance, you can afford to get professional input on documents such as:
- Privacy policies
- Information security procedures
- Incident response
- Information manuals
- Reporting procedures
Of course, you must communicate these new policies with your staff and third-party partners, so that everyone is on the same page.
Create A Compliance Management System
POPI-compliance isn’t a one-time deal. This is where the newly appointed information officer comes in handy. Compliance is an ongoing process and it requires management for a business to stay proactive where protecting your data is concerned. An active compliance plan offers you a systematic way to review and update your processing standards.
The new Protection of Personal Information Act shouldn’t be something for South African companies to fear. After all, these data security measures can give your investors and customers a great boost in confidence. If you want to stay ahead of new or changing information management laws, it’s best to check in with your business’s legal aid regularly. With business legal insurance, you can enjoy access to a legal professional at any time and rest at ease, knowing your company is run by the book. Find and compare business legal insurance quotes today and lead your organisation boldly into the future.