POPI Compliance – The POPI Compliance Manual
The POPI Compliance Manual sets out the specific steps that need to be taken to ensure compliance with the PoPI Act. The POPI Compliance Manual should be read in conjunction with the Act, and covers topics such as data governance, data capture, retention and destruction, as well as employee training.
To ensure Popi compliance with the Act, all organisations need to appoint a Data Protection Officer (DPO) who will be responsible for overseeing data protection within the organisation. The DPO is also responsible for developing and implementing a data protection policy, and must ensure that all employees within the organisation are aware of their obligations under the Act.
The PoPI Compliance Act applies to ANY PERSON (natural or juristic) or organisation that holds any type of records which relates to the POPI COMPLIANCE MANUAL of ANYONE.
ANY PERSON: Refers to any natural, or juristic, person, both local and foreign.
WHAT IS PERSONAL INFORMATION?
Any information relating to, but not limited to, the following; age, gender, marital status, religion, ID number, e-mail address, physical address, financial, private or confidential correspondence, telephone number and name and surname.
WHAT DOES THIS MEAN AND WHO NEED TO PRODUCE A POPI COMPLIANCE MANUAL?
- If you are a natural person living in South Africa, or you are a legal entity that is registered in South Africa you need to be POPI compliant.
- If you process personal information in South Africa you need to be POPI compliant.
WHO IS EXEMPT FROM COMPLYING WITH POPI AND COMPLETING A POPI COMPLIANCE MANUAL?
- The personal information you process is not entered into a record.
- The personal information you process is in the course of household activities only.
- The information you process is de-identified.
- If you are a public body that protects national security.
- A cabinet, its committees and the executive council of a province
- Courts referred to in Section 166 of the Constitution.
- The personal information you process is purely for journalistic, artistic or literary purposes.
You might also be interested in
What is the role & responsibilities of the POPI Information Officer in terms of the POPI Act?
POPI Information Officer registration and responsibilities In terms of the PoPI Act a POPI Information Officer (“IO”) must be registered with the regulator. As the designated POPI Information Officer you are ultimately responsible for encouraging, and ensuring...
Public Interest Score (PI Score)
What is a Public Interest Score? A Public Interest Score (PI Score) is an indication of your company’s level of public interest. Your company’s level of public interest indicates the level to which it must be regulated, and the level of financial reporting that is...
Company registration documents that are Required
If you haven’t done it before, registering a company in South Africa may seem like a daunting task, loaded with red tape and requiring all sorts of documents, but it’s actually quite simple. As long as you know what the statutory requirements are for the type of...