POPI ACT
The goal of the Protection of Personal Information Act (POPIA) is to protect people against the unlawful collection, retention, dissemination and use of their personal information. This is in accordance with their constitutional right to privacy, as enshrined in section 14 of the Constitution. Therefore, conditions are set to establish minimum requirements for the lawful processing of personal information.
NEASA is an employers organisation that can help any employer, business or corporate to become Popia Compliant. View our Popia Packages and let us help you today!
The principal role players in the POPI Act
The POPI Act mainly involves three role players that can be seen below:
Read More
The data subject
The person in question, to whom the information relates and whose information is being processed.
The responsible party
This role player is defined as the person who determines why and how to process personal information. Examples of responsible parties are: private companies, non-profit companies, governments, state agencies as well as individual people. However, these role players are often called controllers in other jurisdictions.
The operator
This is the person that processes an individual’s or a company’s personal information. This can be on behalf of the responsible party. According to the POPI Act, various obligations are placed on the responsible party who is ultimately responsible for the lawful processing of personal information. In fact, the responsible party is legally obligated to only use verified operators that meet necessary safety and security requirements of processing personal information.
Promulgation of POPI Act
The date for the commencement of the POPI Act was 1 July 2020. The deadline for organisations, companies and individuals to comply with the POPI Act was 1 July 2021. Anyone that does not comply with the Act can be subject to a fine or imprisonment.
Who is affected by the POPI Act?
According to the POPI Act, a natural or juristic person who is in a position to process personal information is required to comply with the Act. This includes any person, company, large corporate as well as the government.
Information Regulator
The promulgation of the POPI Act facilitated the establishment of an Information Regulator in order to ensure the enforcement of and compliance with the POPI Act.
Read More
The Information Regulator can investigate and fine responsible parties for not complying with the POPI Act. Persons whose personal information is being processed unlawfully can lodge complaints with the Information Regulator (IR). In fact, the IR will regulate both POPIA & PAIA. The Information Regulator is independent, subject only to the Law and Constitution, and reports to Parliament. However, in all situations, the Information Regulator must be impartial and exercise its powers without fear, favour or prejudice.
Promotion of Access to Information Act (PAIA)
Act 2 of 2000 represents South Africa’s access to information law. In essence, this law enables people to gain access to information held by both public and private bodies. Every organisation in South Africa is obligated to comply with this Act.
NEASA helps business owners with all the necessary compliance services. We can help you to become and to stay compliant. Contact us today for support with our packages
What does the PAIA entail?
Essentially the Act deals with access to information (ATI). The main role players are the requester & a public or private body. This Act deals with information that is held in records. The requester needs to request access.
Record of processing activities
Section 17 of the POPI Act stipulates that a responsible party must maintain a record of all processing operations under its responsibility in a PAIA manual.
Responsibilities of the Information Regulator
The Information Regulator provides education, monitors & enforces compliance with the POPIA & PAIA, and consults with interested parties. The Information Regulator is also involved in the handling of complaints, conducting of research, reporting to Parliament, and more. As a result, the Information Regulator acts in accordance to the codes of conduct, participates in cross-border co-operation in the enforcement of privacy laws, and other aspects specified in Section 40 (1) of the POPI Act.
POPIA COMPLIANCE PACKAGES
Gap Analysis / Initial Assessment and Report
- Completion of an extensive audit to determine to which extent your company is POPIA compliant.
- Summary report:
– We provide you with a list of documents and actions that need to be implemented or developed for your company to become fully POPIA compliant.
Quick Start Package
- Completion of an extensive audit to determine to which extent your company is POPIA compliant.
- Summary report:
– We provide you with a list of documents and actions that need to be implemented or developed for your company to become fully POPIA compliant.
– Development of the first draft policies and procedures tailored to your company (with the inclusion of your company logo and name).
– NOTE: There will be elements of the policies and procedures which will need to be completed by your company.
Detailed Readiness Package
• Completion of an extensive audit to determine to which extent your company is POPIA compliant.
• Summary report:
– We provide you with a list of documents and actions that need to be implemented or developed for your company to become fully POPIA compliant.
– Development of the first draft policies and procedures tailored to your company (with the inclusion of your company logo and name).
– NOTE: There will be elements of the policies and procedures that will need to be completed by your company.
– POPIA compliance training for your employees.
BECOME A MEMBER
START YOUR ONLINE APPLICATION HERE
NEED MORE INFORMATION?
NEED HELP?
GET IN TOUCH WITH US
24/7 National Hotline: 086 016 3272
info@neasa.co.za