Access to information and the protection of certain types of personal information rights in South Africa are entrenched in the Constitution and are mainly regulated by the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPI). All entities must be POPI compliant by the end of June 2021 or face harsh penalties.
The POPI Act is South Africa’s equivalent to the European Union General Data Protection Regulation (EU GDPR). The Act sets a number of conditions for you to lawfully process the personal information of data subjects (both juristic and natural persons).
The POPI Act has the biggest impact on organisations that process large volumes of personal information, especially personal information, account numbers, children’s information, etc. The most affected industries are healthcare, financial services and marketing. Every business and organisation, irrespective of its nature, has in its possession certain information that must be protected in its own interest, which includes but is not limited to:
- business trade secrets
- personal information of other entities or individuals, such as employees, clients, customers, etc.
The POPI Act will be regulated by an Information Regulator, with your organisation’s Information Officer being the key person who must ensure compliance.
Failure to comply with this legislation could have far-reaching criminal and civil implications for the organisation’s head and directors. Businesses are compelled by law to compile, submit and streamline certain documents on a regular basis.
For businesses and organisations to be fully information compliant, they will have to assess all of the following:
- Commercial activities
- Employment contracts and policies
- Corporate governance documents and structures
- Skills level of staff
The Coronavirus pandemic has forced many companies to allow staff to work from home. This poses significant data and information breach risks to companies and places additional compliance requirements on all business entities. Alignment across the total spectrum of organisational activity is therefore essential for businesses and organisations to survive in an ever-growing, regulated, technologically advanced and challenging environment.
Policies developed in terms of the PAIA and POPI are very important legal documents and require specialised attention to withstand future legal scrutiny and fully protect the business or organisation. These documents form the foundation of information compliance, while the synergy and alignment of all documents form the cornerstone of protection.
SERR Synergy assists businesses and organisations to compile and update information manuals as required by PAIA, and also assists entities to fully comply with procedures as required by POPI by setting up information security management systems policies where the physical information and cybersecurity risks of organisations are identified and managed to maintain the confidentiality, integrity and legitimate availability of data.
Whilst the focus of the POPI Act is on compliance, our approach is to implement compliance in such a way that it delivers business value and doesn't become a cost centre or overhead, but rather allows for improvements in efficiencies and effectiveness so as to meet the POPI compliance requirements.
In addition to our Information Compliance service offering, we also offer businesses Information Compliance training that includes training on POPI, PAIA and Consumer Law compliance requirements. For a quotation on our Information Compliance training, please contact us or refer to our Information Compliance Service Agreement for more information.
Our value-adding POPI and PAIA service
All services and legal work relating to the implementation of your customised Information Compliance strategy are included in our fees.
The following services are included:
- Compiling an information manual as required by the Act
- Submission of the manual to the Human Rights Commission and regulatory body
- Providing the manual in electronic format for publication on entities’ websites
- Publication of the manual in the Government Gazette (optional)
- Updating the manual on a regular basis
- Submission and publication of updates
- Assistance with enquiries and requests in terms of the Act
- Assistance with disputes and enforcement by the regulator and authorities.
Assisting the entity to comply fully with the following procedures as required by the Act:
- Conducting of audits and assessments
- Compiling a policy or management document regulating the above
- Regular legal developments and updates
- Assistance with any disputes or aspects relating to enforcement by the regulator and authorities.
INFORMATION COMPLIANCE TRAINING (*excluded from the above service offering)
Please note, in addition to our Information Compliance service offering, we also offer Information Compliance training that includes training on POPI, PAIA and Consumer Law compliance requirements. For a quotation, please contact us or refer to our Information Compliance Service Agreement for more information.