With the arrival of South Africa’s new privacy law, POPIA, we have developed a series of services to help you become compliant with the new regulation.
We have built our services around the eight principles of the regulation.
- Accountability – as the data processor you must take responsibility for ensuring that all the required conditions are met. You will need to demonstrate this with clear documentation and reporting. We will help you build the reporting tools you will need to meet this requirement together with the policies and procedures needed.
- Processing Limitation – the regulation has placed very strict limits on the kind of data processing that is allowed. Such limits will be controlled by appropriate policies and procedures, which we will design, write and implement for you.
- Purpose Specification – this restricts the reasons behind data collection to specific, explicitly defined and lawful purposes. Essentially, data collection must revolve around your normal business activities. Your data subjects must also be aware of these reasons. The specification will be designed for you and will clearly set out your legal basis for processing and the procedures for informing the data subject(s).
- Further Processing Limitation – this puts limitations on how far organisations can further process data from their original intent. Any further processing must be compatible with the purpose for which it was originally collected. Once data has been classified, any further processing can be clearly demonstrated and the legal basis for doing so established. Therefore, your business knows exactly what it can and cannot do with personal data.
- Information Quality – this stipulates that organisations must ensure collected data is complete and accurate. A process and procedure for checking the accuracy of the data you hold is required, and the onus is on you as the processor to ensure this is carried out. This must be recorded and documented for audit purposes. We can provide all that you need to meet this part of the regulation.
- Openness – this concerns data processors' responsibilities under South Africa’s Promotion of Access to Information Act (PAIA), requiring documentation of data processing activities and proactive data subject notification when data is collected. No matter what activities you decide upon, any processing of data must be planned to ensure compliance and again documented, so that you are open about what you have been doing with your data.
- Security Safeguards – this outlines the security requirements, which are described as appropriate, reasonable technical and organisational measures that organisations must take to keep personal data secure. We will work with you to ensure that your cyber security posture is appropriate and strong in order to comply with the regulations. A report and statement will be produced about this for audit purposes.
- Data Subject Participation – this defines the rights of data subjects, including their right to access their own data and to be able to request and receive corrections in a timely manner. It is very important that, should a request be made, you know where data is stored and that it is complete. You should know how to communicate receipt of the request and to communicate updates until the request is closed. You should also have documented procedures for this and for confirming the identities of requestors. We can provide all of this for you to give you peace of mind.
Whatever your requirement, we can help deliver POPIA compliance for you. Don’t spend big money on expensive lawyers, as we can help, all for a fixed price!