PROTECTION OF PERSONAL INFORMATION (POPI)…

IS YOUR BUSINESS READY TO COMPLY?

The purpose of the Protection of Personal Information Act (“POPI”) is to promote the protection of personal information processed by public and private bodies. Among other objectives, POPI establishes minimum requirements for the processing of personal information of “data subjects” (including individuals and legal entities).

POPI is based on international best practice and is a reflection of the best features of international privacy legislation. It follows the principles of King III and accommodates international standards such as COBIT 5 (Control objectives for information and related technology – version 5).

POPI deals with eight conditions for the lawful processing of personal information of data subjects, namely: 1. accountability, 2. processing limitation, 3. purpose specification, 4. further process limitation, 5. information quality, 6. openness, 7. security safeguards and 8. data subject participation.

* These eight conditions are discussed in detail under “The 8 Compliance Conditions“.

Which business processes and information systems will be impacted?

  • Customer interaction: the collection and processing of customer information;
  • Human Resources: the collection and processing of employee information;
  • Information Management: the classification, retention and safeguarding of information;
  • Marketing: customer relationship management, system restrictions on direct marketing, keeping record of which customers not to contact in respect of new product offerings;
  • International transfer of information: restrictions on cross-border transfers of information.