R9,878.50 incl. VAT
DIY POPI Compliance System Toolkit
R9,878.50 incl. VAT
All documents are in editable Microsoft Word and Excel format.
The Gintan Luthuli Associates DIY POPI Compliance System will assist your organization to meet the legislative requirements of the Protection of Personal Information Act efficiently and effectively. The system documents and templates include 12 months of updates and support. The GLA system allows you to update policies and procedures enabling POPI compliance fast.
Gintan Luthuli Associates have developed a legislatively based DIY POPIA system with editable templates and guides enabling your business to benefit from our years of Risk Management expertise and put you in control of your business compliance easily, expertly and in in an understandable way that you and your employees can easily follow. The system includes training and awareness modules which decrease risk and change employee behaviour without the necessity of changing your existing business services and structures.
If required, GLA can assist organisations with implementation.
Call (011) 494-3338 and speak to one of our consultants
What is POPI?
POPI refers to South Africa’s Protection of Personal Information Act. This law regulates the “Processing” of “Personal Information”
“Personal Information” means information relating to an identifiable, living natural person or juristic person (sole proprietors, companies, CC’s etc.). This includes, but is not limited to:
- contact details: email, telephone, addresses etc.
- age, sex, race, birth date, ethnicity etc.
- history regarding medical, blood type, employment, financial, educational, criminal, biometric information
- private and business correspondence
“Processing” means what is done with the Personal Information collected, including, usage, storage, dissemination to 3rd parties, alteration or deletion (whether such processing is automated or not).
Personal information is an asset
For most businesses, personal information is an asset. Whether central to their services or only used for marketing, there is value to having quality personal information (which is a condition of lawful processing) and is secure (another condition of lawful processing). The loss of or damage to this asset results in loss of trust, reputation and can lead to loss of profit.
Some POPIA obligations are to:
- Collect only information required for a specific purpose
- Apply security measures to protect the information
- Only hold the information for as long as you need it
- Allow the subject of the information to see their data held upon request
When will I be affected by POPIA? Does POPI really apply to me?
Compliance with the Protection of Personal Information Act (POPIA), also known as the POPI Act, is mandatory for most organisations in South Africa. POPI makes it illegal to collect, use or store the personal information of consumers and businesses unless it is done in accordance with the laws and regulations prescribed in the Act.
The Act was signed into law in November 2013. The Information Regulator was setup in December 2016 and formalised in February 2017. We are now awaiting a commencement date for the regulations. The POPI Draft Regulations have been available for public comment and requirements have become clearer.
Accountability for compliance rests with the Responsible Party, meaning a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.
Non-compliance could expose the Responsible Party to penalties or fines including imprisonment of up to 12 months. In certain cases, penalties for non-compliance can be a fine and / or imprisonment of up to 10 years.