Six tips for easy POPIA compliance
The South African Constitution enshrines the right to privacy, which the Protection of Personal Information Act (POPIA) gives effect to, safeguarding personal information. POPIA, which commenced on 1 July 2020, seeks to balance the right to privacy against other rights, such as the right of access to, and the free flow of, information.
Private and public sector organisations that process personal information need to do so in a lawful manner, ensuring the safety of the information they have access to, protecting individuals from data breaches and information theft.
Signed into law in 2013, the Act has been implemented incrementally since April 2014, and while it allows for a 12-month period for complete compliance, it stands to reason that both the private and public sector should attempt to comply as soon as possible to protect the rights of individuals.
Ezra Pillay (LLB), Compliance Specialist: Data Protection and Technology at LexisNexis South Africa, offers six tips for easy POPIA compliance:
- Appoint your team: Depending on the size, scope and function of your organisation, appoint either a dedicated POPIA compliance officer or a full team.
- Assign responsibilities: Determine who is responsible for the processing, storing, managing or destruction of personal information that your organisation holds, including past and present clients.
- Upskill personnel: Train the personnel identified and ensure that your IT service provider is compliant. Sign up for the free POPIA webinar series, presented by POPIA expert Ahmore Burger-Smidt. Click here to register.
- Subscribe to tools: Lexis Assure, from risk and compliance experts, LexisNexis provides checklists and alerts, ensuring that you not only “tick” each of the relevant boxes, but stay up to date with changes in legislation.
- Get resources: Learn what type of information is governed by POPIA, and what exemptions exist. For a comprehensive understanding, purchase A Commentary on the Protection of Personal Information Act from the LexisNexis bookstore. Authored by Yvonne Burns and Ahmore Burger-Smidt, it is the first South African publication that covers the requirements for compliance, setting out the powers of the Information Regulator, possible fines, compensation and damages. The title also looks at the impact of POPIA on employment law; non-automated and automated decision-making; outsourcing of processing; marketing and direct marketing; credit reporting and the Internet, among others.
- Get guidance: Sign up for access to expert guidance with Lexis Practical Guidance. POPIA matters sit within the IT and data protection area of Lexis Practical Guidance, providing detailed step-by-step guidance on data protection in South Africa and internationally. Deconstructing the specifics of the Act, the tool offers an easy to understand “how to" guide, explaining what needs to be prioritised and what aspects of the Act apply to your organisation.
Avoid penalties, reputational damages and putting your clients at risk. Get access to tools that provide detailed and understandable commentary, with practical checklists in plain, understandable language, helping you to ensure compliance.
About Ezra Pillay
Ezra Pillay, Compliance Specialist: Data Protection and Technology at legal technology provider, LexisNexis South Africa has an LLB from the University of KwaZulu-Natal and is an Admitted Attorney of the High Court of South Africa. He has also qualified in Compliance Management from University of Johannesburg and in Business Systems Analysis at the University of Cape Town.
LexisNexis Legal & Professional is a leading global provider of legal, regulatory and business information and analytics that help customers increase productivity, improve decision-making and outcomes, and advance the rule of law around the world. As a digital pioneer, the company was the first to bring legal and business information online with its Lexis® and Nexis® services. LexisNexis Legal & Professional, which serves customers in more than 150 countries with 10,600 employees worldwide, is part of RELX, a global provider of information-based analytics and decision tools for professional and business customers.
In South Africa LexisNexis® has been assisting companies and professionals to remain abreast of changing legislation and shifts in the regulatory environment for over 80 years, combining the best of local knowledge in Butterworths with leading-edge tools and online solutions that have positioned the company as a pioneer of legal technology. LexisNexis South Africa’s business units include LexisNexis Legal Information and Compliance, LexisNexis Data Services, LexisNexis Business Software Solutions and LexisNexis Academic. South African investment firm, Tsiya Group acquired a minority interest in LexisNexis South Africa in July 2012.