Webinar: Adapting to achieve POPIA compliance
With just a few months left to get compliant before enforcement of South Africa's Protection of Personal Information Act (POPIA) begins, organisations need to ensure privacy best practices are embedded throughout the organisation as they finalise their privacy and compliance programmes.
Global privacy, security and compliance specialist OneTrust will be hosting a webinar on managing change for successful privacy programme implementation.
POPIA, South Africa’s data protection statute, was signed into law in November 2013.
There was a notable period of relative stasis for a number of years while a commencement date for the key provisions was decided. The Information Regulator, the data protection authority provided for by POPIA, was established during this time and held its first meeting late in 2016. On July 1, 2020, a 12-month transition period began, meaning that public and private bodies would need to be compliant from July 1, 2021.
POPIA requires responsible parties that process personal information to adhere to specific conditions for lawful processing, including accountability, processing limitation, purpose specification, information quality, openness, security safeguards, and data subject participation. Data subjects are granted several rights under POPIA, such as the rights to notice of collection, to request the correction, destruction, or deletion of personal information, to object to direct marketing, to not be subject to automated processing, and to direct private right of action.
Building best practices
David Longford, territory manager at OneTrust, notes that achieving compliance demands buy-in and awareness from employees throughout the organisation.
“Organisations throughout Europe learned through their GDPR compliance programmes that people-focused change management, utilising employees' soft skills, was critical in achieving their goals,” he says.
According to OneTrust, change is often difficult and old habits die hard, but with careful management and a focus on best practices, complying with a new or updated regulation like POPIA can run smoothly. With that in mind, a good privacy programme should:
- Be aligned with the organisation's culture and processes:
Copy and paste doesn’t work for privacy programmes. Every programme is unique, so be sure to consider what is important to your organisation and how you work.
- Have clearly defined business owners per task:
It is important to know who is responsible for overseeing specific tasks and who manages monitoring responsibilities.
- Prioritise privacy by design:
Privacy by design is not just a theoretical concept: it can save companies a lot of resources and trouble if they build its rules into the controls throughout their operational levels, and it should be built into a company’s operational framework.
- Evolve and never go out of date:
Keep monitoring and adjusting your programme as needs change and develop, and be sure to learn from those around you.
The upcoming OneTrust webinar, to be staged in partnership with ITWeb, will elaborate on how to initiate role-specific awareness conversations with bespoke messaging, relevant to each role and level of an organisation, to create holistically successful privacy programmes.
Register for the webinar: Managing Change in a Successful POPIA Programme