There is no reason to panic, as a business or as an individual, when it comes to complying with the POPI Act. We give you a summary right here, along with a template to use for your POPI Policy. We start with how a business goes about identifying all its data sources. While easy for small businesses, this can be a daunting task for larger firms.
Here is the basic POPI procedure to follow to bring any corporation, big or small, in line with POPI.
- Register your business's POPI information and declare your information officers here: justice.gov.za/inforeg/portal
- Send your POPI Act Policy to current suppliers and customers.
- Display your POPI Act Policy on your website.
- ALWAYS ensure your company data is well protected and secure. NEVER sell your data to any corporation or individual; this is a criminal offence.
While the above is easy enough, it's important that your business ensures it is POPI compliant and safe. How do you even begin to do this? We are going to tell you…
Name Information Officers
How this is done is completely up to the business. There is a lot of responsibility involved in the role, and the decision should be made with caution, as this person will be held responsible for answering your business's data questions under the Act. They are the official data officers for your organisation. Your business size will give you an idea of how this should be handled. For larger organisations it's better to name an information officer in each department, whereas smaller businesses could manage with only one or two. This decision is based entirely on the number of data source areas that need to be located and managed within the organisation. Once you have identified your information officers, you can get them to record all the data sources they will be responsible for. A breakdown of how to easily collect and manage company data follows:
Record all data sources
Step 1 – Note down all areas of the business (sales / marketing / ops, etc.)
Step 2 – Identify each area of data collection or data release within each department (banking / social accounts / suppliers).
Step 3 – Once all areas of data sources are allocated, put them on a list and identify in each data area WHAT information is being shared and WHY, whether it's the client's information or the service provider receiving information on the client or on the business in question; HOW it is being used; and WHO is in charge of this data.
EG1: Marketing – Facebook – Email – Marketing manager
EG2: Operations – DHL – Client info (NAP: name/address/phone) – Ops manager
Once you have identified all the above information for your whole organisation, you will have a very clear diagram of data collected, why and how it is stored and used within your organisation. This will also allow you to identify any weak points that would need to be looked at or areas that are not protecting your clients or your data.
POPI Act Company Policy
Once all this is identified your business will be able to draw up a POPI POLICY, which is part of the POPI Act regulations. This is a detailed document that outlines how data is stored and kept safe within the company. It details information on backups of data within the company. This should be easy to draw up after completing the diagram of all data points within the business. This document is to be sent to all your clients and suppliers, so that they are aware of how your data is being used. This is known as the POPI Act Policy.
Register on POPI website
Once you have all the above together, you can begin the process of registering and ensuring you're compliant with SA's new privacy act here: justice.gov.za/inforeg/portal.
The POPI Act was put in place in July 2020, with one year to comply, which is why POPI is trending. Do not panic if you missed the deadline; please go ahead, register and complete the process to ensure no future penalties.
For in-depth information on the POPI Act, please read https://popia.co.za/