PopiSoft Policy Gold

R3,500.00

The PopiSoft Policy Gold includes a generic set of legal data protection documents that aims to deliver a POPIA compliance kick-start for medium-sized businesses. The plan includes the following documents:

  1. Readiness Assessment
  2. Standard POPIA Policy
  3. Standard PAIA Policy
  4. Personal Information Request Form
  5. Information Officer Appointment Form
  6. Information Officer Registration Form (with the regulator)
  7. Cookie Policy
  8. Data Processing Agreement
  9. Employee Privacy Notice
  10. Board Resolution – POPIA Implementation
  11. Data Breach Management Policy
  12. Intra-Group Transfer Agreement for Data Transfers
  13. Operator Agreement

Description

The Protection of Personal Information Act (POPIA) is South Africa’s data privacy and protection law, enacted in 2013. POPIA aims to promote the protection of personal information processed by public and private bodies and to hold them accountable by subjecting these responsible bodies to certain rules and conditions, thereby enabling them to lawfully process personal data.

Readiness Assessment

This assessment provides specific questions which will guide your organization through typical thinking in order to establish your level of readiness. Does your organization even need to comply with the PoPI Act? Each question is aimed at triggering the basic thought process of “what does this mean for us”. The outcome of the assessment should provide the insights to determine your next steps to PoPI compliance. Please note that this assessment is only the first step on your PoPI Act compliance journey and does not constitute a complete solution.

Standard POPIA Policy

This policy tells you what you need to know about POPIA, what the law entails, how it should be applied, what may happen if you do not comply, who the role players are, and other interesting details.

Standard PAIA Policy

All public bodies and certain private bodies are required to have a PAIA policy in place. The need to have a PAIA policy stems from the Promotion of Access to Information Act (PAIA) and is founded on section 32 of South Africa’s Constitution, which creates a right to access information. A PAIA policy, therefore, amongst other things, provides an application procedure for any person to approach your business to gain access to information held by the business and furthermore, information regarding how such a request to access may be assessed and feedback provided.

Information Officer Appointment Letter

Every responsible party has an information officer. The default position is that the Information Officer is the head of the body (CEO / managing director). The CEO or managing director may, in writing, designate and authorize any natural person within the body to act as the Information Officer.

What does the appointment letter cover?

  • enables the head of the body to change the default position and appoint and authorize a person within the organization to fulfill the role of the Information Officer
  • sets out the Information Officer’s duties and responsibilities
  • makes provision for recommended indemnities for the role
  • makes provision for recommended duties of the responsible party to support the Information Officer in the performance of their role
  • incorporates the registration requirements for Information Officers to be registered with the Information Regulator
  • can be customized for your organization’s requirements

Cookie Policy

This generic cookie policy explains to the visitor or user of your website what cookies are and their purpose, what cookies your website may use, how to delete cookies, and also the consequences of deleting non-essential functioning cookies when making use of your website. The policy is usually connected to your privacy policy and any cookie tool regulating cookies on your website. This generic cookie policy can be customized according to your specific needs, so simply download the document, customize it or ask us to do it for you, and apply it to your business.

Data Processing Agreement

This generic Data Processing Agreement (DPA) regulates the Ts&Cs of how the processor shall process personal information about data subjects on behalf of the controller. If a member company in your Global Group Enterprise uses external third-party service providers, vendors, or suppliers to assist in the processing of personal data on its behalf, it is recommended that a DPA be put in place to ensure both parties know their scope and purpose of personal data processing; what data is processed and how it should be protected; the relationship between the controller and the processor; and the necessary indemnities, security and protection. Simply download the document and apply it to your business. If you require our help to customize the generic document, get in touch.

Employee Privacy Notice

This generic employee privacy notice sets out the basis upon which you process the personal information of your staff or employees of your business. It has been drafted to co-align with POPIA’s eight conditions for the lawful processing of personal information. This generic Employee Privacy Notice can be incorporated by reference into your company’s employment contracts, recruitment documents, internal employment procedures & guidelines, or protocols. Simply download the document and apply it to your business. If you require our help to customize the generic document, get in touch.

Board Resolution – POPIA Implementation

This generic board resolution aims to enable a private or public body (e.g. company, close corporation, partnership), as a responsible party under POPIA, to adopt implementation measures to comply with POPIA and PAIA. It covers:

  • Resolve to compliance measures commencing (gap analysis or audit report and high impact assessments being conducted)
  • Resolve to recognize the head of the body as the automatically appointed information officer
  • Resolve to designation and authorization of information officer (IO) from the head of the body to another person within the body
  • Resolve to authorization of deputy information officer(s) (DIO)
  • Resolve to IO’s and DIO’s registration with the Information Regulator
  • Resolve to general duties and responsibilities of the information officer
  • Signed by the acting chairperson of the board of the body

Data Breach Management Policy

This data breach management policy provides a generic policy guideline for staff to deal with a data security breach or incident within the company, to ensure such an event is dealt with in a lawful and timely way. It gives personnel guidance on what to do in the event of a breach, ensuring that an incident is appropriately recorded and properly investigated, the impacts are understood, risks are identified and action is taken to prevent further damage. The generic policy can be customized according to your specific needs, so simply download the document, customize it or ask us to do it for you, and apply it to your business.

Intra-Group Transfer Agreement for Data Transfers

This generic Intra-Group Data Transfer Agreement sets out the terms and conditions in which any member company of a Global Group Enterprise may transfer personal data to another member company in the group. Simply download the document and apply it to your Global Group Enterprise. If you require our help to customize the generic document, get in touch.

Operator Agreement

This generic operator agreement regulates the Ts&Cs of how the operator shall process personal information about data subjects on behalf of the responsible party. If your company uses any third-party service providers, vendors, or suppliers to assist in the processing of personal information on your behalf, it is recommended that an operator agreement be put in place to ensure both parties know their scope and purpose of personal data processing; what data is processed and how it should be protected; the relationship between the operator and the responsible party; and the necessary indemnities, security and protection. Simply download the document and apply it to your business. If you require our help to customize the generic document, get in touch.

 

 

 
