The Protection of Personal Information Act (POPIA) came into full force on 1st July 2021 and is one of the most important pieces of legislation promulgated over the past few years. The Act stipulates that when personal information is collected, it must be properly used, stored, managed, protected, and destroyed by way of various policies and procedures approved by the Information Regulator. Compliance is an ongoing process, and the Responsible Party or management can never wash their hands of, or delegate, their accountability and responsibilities in complying with the POPI Act, because the Board of Directors must ensure compliance.
If the company processes special personal information, you must also apply for Prior Authorisation, the deadline for which has been extended to 1st February 2022.
The purpose of the Act is to protect personal information, to strike a balance between the right to privacy and the need for the free flow of, and access to, information, and to regulate how personal information is processed. POPI Act compliance is about applying the very best standards in taking responsibility for your customers’ personal information in order to avoid regulatory sanctions and maintain the trust and respect of your clients and the general public.
All the above must therefore already be in place according to the requirements of the POPI Act; if not, the company is in breach of the Act. Compliance with the POPI Act must be approached with the necessary urgency, care and dedication. In cases of repeated non-compliance, a fine of up to R10 million and/or incarceration of senior management for up to 10 years is possible. It is essential to make decision makers and key personnel in your organization aware that the law has changed in accordance with the POPI Act, and aware of the severe consequences of non-compliance. All companies must put policies and procedures in place to monitor and enforce compliance in the long term.
An Information Officer, who is the POPI oversight representative of the company, must be appointed by the Board of Directors by way of a board resolution, confirmed by a letter of appointment, and then registered with the Information Regulator.
The Information Officer must typically be the Chairman of the Board, Senior Director, Director, or CEO; if not, a senior employee with the necessary authority to manage and implement the requirements of the POPI Act. The Information Officer can delegate his/her daily responsibilities and tasks to a Deputy Information Officer but can never delegate his/her accountability and responsibilities. If the company processes special personal information, it must apply for prior authorisation before it is allowed to process this special personal information.
I have been involved in ensuring compliance with the POPI Act for three years now and have become a specialist in the details and requirements of the Act. I have assisted various companies to ensure compliance. My role as a business partner of Altitude is to ensure that the company has the necessary information to be compliant and implement the contents and regulations of the Act. It is important to note that the extensive process must be driven by the Information Officer appointed by the Board of Directors. I assist in the registration of the Information Officer with the Information Regulator, apply for Prior Authorisation, and supply the necessary documentation, policies, training material and expertise to ensure compliance. I am also on stand-by to assist in case of a breach.
If your Company is not POPIA compliant and you need any additional information, please contact me in this regard. This service is not part of the Industrial Relations service of Altitude; therefore, a separate fee is applicable.
If you are not interested in the above, I would really appreciate it if you could refer me to anybody else who will be interested in this POPIA service or the Industrial Relations service.
At van Niekerk
Please contact At van Niekerk at email@example.com in this regard