POPI-1
Alison Lee

Alison Lee

POPIA UPDATES LAST WEEK OF JUNE

 

GETTING POPIA UNDER CONTROL- SOME TIPS

Let’s face facts – implementing POPIA overnight is not going to happen.

Knee jerk reactions and plugging those rather large POPIA gaps with borrowed and unthought through templates will not achieve a desirable or compliant outcome.

Whatever you are doing now, take note that the implementation of POPIA needs to be planned and the steps agreed upon once the planning is worked through, and implemented in a phased manner over a carefully calculated period of time.

The implementation of POPIA is a step-by-step procedure; starting with a thorough data mapping exercise, where personal information which is used and processed by the organization is looked at, analysed & assessed, looked at from a risk perspective, and the outcomes and findings documented and mapped out.

The results revealed through this exercise provides insight on what POPIA policies and related processes are required.

This is followed by building the required policies, procedures and related documents, which once approved, must be implemented following a carefully thought out implementation program.

All of these steps takes time, and resources are required.

And so – the implementation will not take a few days or even a few weeks.

It will take a number of months – and will be an ongoing activity.

So, what happens if come 1 July 2021 – you are unable to show that the above has been done?

Well join the club – you are again – not alone.

As we have picked up from the headlines, and from various Information Regulator news feeds and press releases, the Information Regulator is also experiencing a couple of implementation challenges.

Here are some recent articles to back this statement up:

REGISTRATION OF IO AND DIO

Notice in terms of the commencement date of section 58(2), 18 June 2021

POPIA GUIDANCE NOTES

Guidance note on exemptions from the conditions for lawful processing of personal information in terms of Section 37 and 38 of the Protection of Personal Information Act 4 of 2013, 21 June 2021

DRAFT BANKING CODES OF CONDUCT

Notice in terms of Section 61(2) of the Protection of Personal Information Act No 4 of 2013 (POPIA): Banking Association South Africa (BASA), Lawful processing of personal information by member Banks, 08 June 2021

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email