A Quick How-To Guide to POPI Implementation
POPIA (or POPI as it used to be called) has been three years in the making, and suddenly the pressure is on! Regulations are expected any day now, with an effective date to follow or join that announcement. Now is the time for you to start planning your POPI Implementation.
Almost everyday we are receiving requests for POPIA training, and I am fascinated to see what people are offering in the market. Take a word of caution here. There is no ‘quick fix’. There is no ‘magic recipe’. There is no one single course that can make you POPIA compliant.
Don’t fall for it. There are charlatans in the market who are milking unsuspecting business owners out of many Rands with false promises.
Becoming POPIA compliant is a culture change… a mind-set change.
It is a slow and steady journey that you have to commit to as an organisation. And strangely, once you do it right, you realise the massive, positive impact this has on your relationships with your clients, your staff and your suppliers. In fact, the decision to become respectful of the privacy of the personal information of others, is very liberating, and one giant leap towards building trusting and lasting relationships.
So how to sift through all the information available online, decide what your first or next steps are? Relax… grab a cup of coffee, and hopefully this will shine a guiding light on your journey. Depending on the size and complexity of your organisation, you may choose to water down some of the steps below.
These steps work! They help you focus on what is important.
This may seem like an intimidating list of activities, but easy does it. Once you have identified your information officer (your CEO or as close as possible to that role), and he or she identifies the major role-players, contact a reputable company to conduct awareness training with your POPIA team.
We have added in a self-assessment, which you do prior to the training and planning sessions. This assessment already gets your head into the right space, and starts to guide your thinking. It also helps give us an indication where your biggest compliance gaps are, which saves a lot of time during the planning session.
After that one day session, we help you draft an implementation plan, with, where possible responsibility and accountability allocated. Armed with this plan, you can get your project manager started. We will stand by you every step of the way, if needed. What we do is practical and realistic.
Whether you need to outsource your entire POPIA compliance implementation to us, use us as coaches or advisors, or just use us to bounce ideas off, we partner with you for your full journey.
We are actively involved in POPIA training, POPIA readiness assessments, POPIA implementations, and POPIA advise.
The clients we service range from big five financial institutions, to telecoms, government, through to a small college and even a nursery school. We ALL need to become POPIA compliant.
Some clients need simply an executive overview, others want us to train their implementation team. Some need us to help them scope and plan their journey to compliance. Some use us to manage their implementation hands on. Some like us to come in at set intervals to perform an audit of how they are doing.
We pride ourselves on being flexible to our clients’ needs.
We like to spend a morning with your senior stakeholders, where we go through the Act, understanding what the Act is trying to achieve, the data subject rights, the conditions of the act, and an understanding of what you need to do to be compliant.
We then spend the afternoon with your identified implementation team (sometimes the same group, sometimes a very different team) where we go through a planning session of the approach to implementation that will work in your organisation, and practical advice and guidance to address main areas of concern.
This is what some of our clients have to say:
“Metatrans facilitated a very informative POPI training and planning session for our core team. If we weren’t energized about compliance before, we certainly are now.”
“I would like to convey my thanks to you for the professional manner in which you have engaged my team and I, on the POPI compliance matters that affected us. The fact that we had a “go to” person during this the time of trying to become ready operationally, has been of huge value.”
“Metatrans facilitated a very informative POPI training and planning session for our core team. If we weren’t energized about compliance before, we certainly are now.”
Last words: POPIA is not about compliance. It is not about an Act. Changing your perspective about Protection of Personal Information will change all your relationships with all your stakeholders – Clients, Staff and Suppliers alike.