The 8 Compliance Conditions

Red Edge Solutions, an ICT solutions provider with an emphasis on governance and compliance, and EOH Legal Services, an industry expert in regulatory compliance, have partnered to offer businesses a complete POPI compliance solution.

As POPI will impact your business not only from a legal perspective but also from a business process perspective, we have identified a step-by-step solution that will not only assist with legal compliance but will also aid your business in adjusting its current business policies and processes. This 360 Solution also allows for software solutions where required.

1. Accountability: Ensure that all the principles contained in POPI and all the measures that give effect to these principles are complied with.
  • Who will be tasked with the responsibility of compliance in your organisation? This individual will be held liable for non-compliance in certain situations!
  • How will this individual ensure the organisation is POPI compliant?
2. Processing Limitation: Personal information may only be processed in a fair and lawful manner and only with the consent of the data subject.
  • From whom may you collect a data subject’s personal information?
  • When may you process personal information?
3. Purpose Specification: Personal information may only be processed for specific, explicitly defined and legitimate reasons.
  • Are you familiar with the various laws that allow for the collection of personal information?
  • Can you link all personal information collected to legitimate reasons for collecting it?
  • For what time period may you retain personal information?
  • How must personal information be destroyed?
4. Further Processing Limitation: Personal information may not be processed for a secondary purpose unless that processing is compatible with the original purpose.
  • Does your business process personal information again after it has been collected?
  • Is the secondary processing aligned with the original intent, and how do you ensure that it is?
5. Information Quality: How do you ensure the accuracy of personal information?
  • How do you ensure that personal information is reliable and accurate at all times?
  • What processes do you have in place to allow data subjects, such as customers and employees, to update their personal information?
6. Openness: The data subject whose information you are collecting must be aware that you are collecting such personal information.
  • What evidence do you have that your customers and/or employees consented to the collection of their personal information?
  • How do you inform your customers of their right to lodge a complaint with the Information Regulator?
7. Security Safeguards: Personal information must be kept secure against the risk of loss, unauthorised access, interference, modification, destruction and disclosure.
  • How do you determine which employees are permitted access to what personal information?
  • How would you be alerted when personal information is accessed or modified without authorisation?
8. Data Subject Participation: Data subjects may request whether their personal information is held, as well as the correction and/or deletion of any personal information held about them.
  • What processes do you have in place to ensure such a request from a customer and/or employee is adhered to?
  • Does your current system allow for customer and/or employee information to be deleted?