POPI Act Compliance and Implementation

POPI Act compliance and implementation

POPI Act compliance is required by all companies that collect, store and process personal information. The POPI Act commencement date or effective date (which is 1 July 2020) allows a 12-month grace period for companies to become compliant. The POPI Act deadline is at the end of the grace period. Therefore all companies need to be compliant by 1 JULY 2021.

Are you ready?

The POPI act is South Africa’s equivalent of the EU GDPR. The POPI Act has now been enacted and final regulations published. There has been numerous cases of companies experiencing data security breaches recently, resulting in the personal information of individuals being exposed. Once the deadline is passed, data breaches will result in fines, penalties, and lost business due to reputational damage. Compliance to the POPI act can help your company improve data security, data privacy, and information privacy

The POPI Act governs the following:

  • The way companies process personal information (ad defined in the POPI Act & POPI regulations)
  • POPI Compliance in terms of the correct data privacy and information protection structures
  • Personal information compliance with detailed data security breach procedures

Useful links

Protection of Personal Information Act 4 of 2013

Interview with the the information regulator

Get a Quote

POPI Act compliance and implementation Services

  • Awareness & training
  • Gap analysis
  • Project planning
  • Implementation services
  • Templates & Governance
  • Information Governance
  • Data flows and data dictionary
  • Third party operators management
  • Customer consent requirements
  • Cross border information flows

Privacy, Cyber & Information Management - Metatrans

Dont delay contact Metatrans today and find out more

Contact Us

How does this impact you?

The impact from a company perspective

All companies in South Africa are required to comply to the POPI act which requires that companies protect the personal information of customers, staff and employees. The protection of personal information act will impact companies in many ways, some of the more common impacts are highlighted below.

  • The sharing and selling of information requires consent from the individual.
  • Collecting, processing and storing personal information will need consent from the individual and then the company must take every precaution to ensure that the information is protected and only used for the purpose that has been agreed by the customer, employee or supplier.
  • Companies who outsource the processing to 3rd parties will still be held accountable for the safeguarding and usage of that information, therefore contracts should be in place to that effect.
  • Companies will need to have destroy the information once the information is no longer needed for the original purpose agreed by the customer and there are no other laws or regulations that govern the retention of that information.

The impact to the individual

The POPI act has been created to protect the privacy rights of individuals. This means that companies need to obtain your consent to collect, process and share your information. Companies also need to obtain your consent to market to you via bulk marketing channels, for example email marketing.  Companies can still market to you via telephone.

If the personal information held by a company is breached, the company needs to notify you, this ensures that there will be more transparency and accountability should a company fail to protect your information sufficiently.

How our POPI Act Compliance Programme works

The right communication, at the right time is integral to the success of your Privacy Programme. We can assist you in planning, executing or assessing your Privacy communication strategy and execution. The constant communication and information-sharing will be very useful in keeping Privacy top-of-mind.

If done correctly, you will start seeing behaviour-change and will notice visible privacy-efforts throughout the organization. The communication is carried out in facilitated POPI training, electronic media and marketing material.

  • Facilitated in-depth staff training focused on creating a privacy culture and understanding of privacy requirements including POPI training material
  • A one-or two-hour training session with your executive team around the Privacy principles, impressing the importance of compliance and highlighting the risks of non-compliance
  • Ideally, this takes place in your boardroom, inside or outside office hours. This ensures buy-in and that the Privacy programme is driven from the correct levels

In Discovery phase our professional perform a POPI Gap analysis and provide outcome in the form of a formal POPI Gap Analysis Report. POPI Gap Analysis Workshops can save you tremendous hours and headache.

We stimulate participation and facilitate robust debate. We ask the right probing questions, documenting the output in a POPI Gap Analysis Report which is practical and implementable

  • These sessions create an environment where each participant becomes aware of the role they play in the effective execution of the Privacy Programme.
  • It also allows you to leverage off our experience in recognizing the pitfalls of data security and potential risks, as well as uncovered opportunities.

The Privacy charter assists to understand the environment in which the POPI project will be implemented and is needed as a base from which to identify the detailed POPI implementation plan.

  • The Privacy charter is used to clearly identify roles and responsibilities, scope, risks and issues involved.
  • The detailed POPI implementation plan is created through facilitated workshops with all key stakeholders

Execution of the mitigation of gaps found for all four quadrants of the framework: The Protection of Personal information of the Data Subject, Staff and Operators, as well as the Data Security and POPI Compliance of processes and Systems). Each of these requires a specific skill-set.

  • The Privacy charter is used to clearly identify roles and responsibilities, scope, risks and issues involved.
  • The detailed POPI implementation plan is created through facilitated workshops with all key stakeholders

Privacy templates available in MS Word, MS Excel, or MS Powerpoint

  • You will need to create the following capacities: Legal, Process Engineering, Cyber and Risk Management.
  • We have the skills to assist you with over-flow Privacy requirements to bolster your capacity where needed

Get in touch and with POPI act find out more about how Metatrans can assist with compliance and implementation

    From our blog

    Latest news and articles

    POPI Implementation Approach

    POPI Implementation Approach

    POPI Gap Analysis There are three ways to tackle your Gap Analysis. It is up to you whether to use

    Read More

    POPI Act: Understanding the basics

    POPI Act: Understanding the basics

    The POPI Act, not unlike any other, is fraught with terminology, jargon and wildly interpretable words. Sadly, understanding the POPI

    Read More

    You and your 3rd parties!

    You and your 3rd parties!

    You are responsible for the way in which the 3rd party processes the data, what they do with it and

    Read More