The Protection of Personal Information Act (POPIA) is South Africa’s data privacy and protection law, enacted in 2013. POPIA aims to promote the protection of personal information processed by public and private bodies and to hold them accountable by subjecting these responsible bodies to certain rules and conditions, thereby enabling them to lawfully process personal data.
This assessment provides specific questions that guide your organization through the typical thinking needed to establish your level of readiness. Does your organization even need to comply with the PoPI Act? Each question is aimed at triggering the basic thought process of “what does this mean for us”. The outcome of the assessment should provide the insights to determine your next steps to PoPI compliance. Please note that this assessment is only the first step on your PoPI Act compliance journey and does not constitute a complete solution.
Standard POPIA Policy
This policy tells you what you need to know about POPIA, what the law entails, how it should be applied, what may happen if you do not comply, who the role players are, and other interesting details.
Standard PAIA Policy
All public bodies and certain private bodies are required to have a PAIA policy in place. The need to have a PAIA policy stems from the Promotion of Access to Information Act (PAIA) and is founded on section 32 of South Africa’s Constitution, which creates a right to access information. A PAIA policy therefore, amongst other things, provides an application procedure for any person to approach your business to gain access to information held by the business, and sets out how such a request for access may be assessed and feedback provided.
Information Officer Appointment Letter
Every responsible party has an information officer. The default position is that the Information Officer is the head of the body (CEO / managing director). The CEO or managing director may, in writing, designate and authorize any natural person within the body to act as the Information Officer.
What does the appointment letter cover?
- enables the head of the body to change the default position and appoint and authorize a person within the organization to fulfill the role of the Information Officer.
- sets out the Information Officer’s duties and responsibilities
- makes provision for recommended indemnities for the role
- makes provision for recommended duties of the responsible party to support the Information Officer in the performance of their role
- incorporates the registration requirements for Information Officers to be registered with the Information Regulator
- can be customized for your organization’s requirements