What is POPI compliance?
The Protection of Personal Information Act, 2013 (Act 4 of 2013)
The Protection of Personal Information Act, 2013 (POPI Act) aims to promote the protection of personal information processed by public and private bodies by, among other things, introducing certain conditions for the lawful processing of personal information so as to establish minimum requirements for the processing of such information. POPI compliance thus means ensuring that you meet the guidelines and requirements set out in the Act. A full copy of the Act can be downloaded here.
The Information Regulator (South Africa) is, among others, empowered to monitor and enforce compliance by public and private bodies with the provisions of the POPI Act.
Part of ensuring you have done everything reasonable to achieve compliance is to perform a Privacy Impact Assessment (PIA) of your business. This will provide you with a percentage score of how compliant your business is, as well as a full report and usable remediation on how to become compliant. A normal PIA will take around a full work day to complete.
While business sizes clearly differ and the way in which subject data is held differs too, the important thing is to ensure that you don’t get into a situation which could severely harm your business in the future. So be sure to book your PIA before it’s too late.