GETTING POPIA UNDER CONTROL - SOME TIPS
Let’s face facts – implementing POPIA overnight is not going to happen.
Knee-jerk reactions, and plugging those rather large POPIA gaps with borrowed and poorly thought-through templates, will not achieve a desirable or compliant outcome.
Whatever you are doing now, take note that the implementation of POPIA needs to be planned, the steps agreed upon once the planning has been worked through, and the work then carried out in a phased manner over a carefully calculated period of time.
The implementation of POPIA is a step-by-step procedure. It starts with a thorough data mapping exercise, in which the personal information used and processed by the organization is examined, analysed and assessed from a risk perspective, and the outcomes and findings are documented and mapped out.
The results revealed through this exercise provide insight into which POPIA policies and related processes are required.
This is followed by building the required policies, procedures and related documents, which, once approved, must be implemented following a carefully thought-out implementation program.
All of these steps take time, and resources are required.
And so – the implementation will not take a few days or even a few weeks.
It will take a number of months – and will be an ongoing activity.
So, what happens if, come 1 July 2021, you are unable to show that the above has been done?
Well, join the club – you are, again, not alone.
As we have picked up from the headlines, and from various Information Regulator news feeds and press releases, the Information Regulator is also experiencing a couple of implementation challenges.
Here are some recent articles to back this statement up:
Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Banking Association South Africa (BASA), Lawful processing of personal information by member Banks, 08 June 2021