BACKGROUND TO DATA PRIVACY IN SOUTH AFRICA
The Protection of Personal Information Act, 4 of 2013, (“POPIA”), which came into force on 1 July 2021, is a law which regulates the use and processing of a person and / legal entity’s personal information, this being in response to, and in order to protect and give effect to a person and/or legal entity’s rights to privacy, including the right not to have their / its personal information and related data misused, abused or used for ulterior purposes.
POPIA applies to personal information which belongs to individuals and legal entities (“Data Subjects”) which is processed, be it in an automated or non-automated manner in South Africa, by another (“Responsible Party”) and places on any Responsible Party who is processing a data Subject’s personal information, a duty to use it lawfully and only for a specific and defined purpose(s).
In terms of POPIA, Lee’s Compliance, as a Responsible Party, is required to appoint an Information Officer (“IO”) and Deputy Information Officers (“DIOs”), to be responsible for establishing a POPIA Compliance Framework, and who following this, are required to assess, analyse and understand what types of personal information Lee’s Compliance is processing which belongs to Data Subjects and to thereafter develop certain processes and procedures, including a POPIA Policy, which have to be followed by all Lee’s Compliance personnel when they process and use another’s personal information.
A Personal Information Impact Assessment as per the Lee’s Compliance POPIA Compliance Framework has been carried out and created, which has indicated that Lee’s Compliance , during the course of its business activities does and will continue to collect, store and process personal information about Lee’s Compliance employees, its customers, suppliers and other third parties.
Furthermore, the Impact Assessment has defined and revealed that Lee’s Compliance processes a large amount of different types of personal information including names, addresses, opinions, financial details, medical details and the like which pertain to current, past and prospective employees and customers, suppliers, and others who Lee’s Compliance communicates and deals with and which processing is carried out for a variety of purposes, including for business, compliance and legal purposes.
Lee’s Compliance also processes special purpose information including gender, sex, marital status, colour, age, race or ethnic origin, religious beliefs, trade union membership and the like for the purposes of recruitment, employment equity statistics, legal compliance and for the facilitation of union fees and memberships.
Following the Personal Information Impact Assessment, Lee’s Compliance is confident that whilst this personal information is held on paper or on a computer or other media, such storage is subject to the prescribed legal safeguards as specified in POPIA and other regulations.
Lee’ Compliance. as per the POPIA requirements, has implemented a robust POPIA compliance programme which includes various POPIA policies and processers, some of which are internal documents and some of which are available for public access. These documents which are available for public access can be viewed below.
Personal Information Processing notices:
Where any person processes Personal Information on behalf of Lee’s Compliance as an Operator as defined under POPIA, then the Lee’s Compliance standard Operator Agreement / Addendum will apply to such processing.
Popia Security Measures (we will upload this document in due course)
POPIA and PAIA Forms:
If you have any questions about our Privacy Practices or this Policy, please contact us.