POPIA – South Africa’s new data protection law

Written By Thornton van Wyngaardt

South Africa’s POPIA is the latest major data privacy law in the world to be modelled closely after the EU’s General Data Protection Regulation (GDPR) that not only just empower citizens with enforceable rights over their personal information but establishes eight minimum requirements for data processing (e.g. introducing consent as a required legal basis), creating a broad definition of personal information for comprehensive end-user protection, as well as forming the Information Regulator (SAIR) as lead enforcer and supervisor of the law.

 

What is all the fuss about and why does my business need to be compliant?

  • POPIA took effect on July 1, 2020.

  • POPIA enforcement began on July 1, 2021.

  • POPIA applies to any company or organization processing personal information in South Africa, who is domiciled in the country, or not domiciled but making use of automated or non-automated means of processing in the country.

  • Fines for non-compliance with POPIA can range up to 10 million ZAR (South African Rands).

  • Transfers of personal information outside of South Africa is prohibited by POPIA (with exceptions).

  • POPIA creates nine actionable rights for South African citizens (data subjects), including but not limited to the right to access, right to correction and right to deletion.

  • POPIA also creates eight conditions for lawful data processing, in which the consent of the data subject is central. It is up to websites, companies, and organizations (“responsible parties”) to prove that their processing is lawful, e.g., that correct consents have been obtained from users.

  • POPIA defines consent as any voluntary, specific, and informed expression of will.

  • POPIA defines processing as collection, receipt, recording, organization, storage, merging, linking, and more.

  • POPIA defines personal information broadly as any information relating to not only a living person, but also a company or legal entity.

  • POPIA allows companies and organizations to process data if it’s deemed in the user’s “legitimate interest”, creating a point of ambiguity for possible abuse and enforcement difficulties.

 

To become compliant with POPIA in South Africa that began July 1, 2021, grok hr solutions has design a simple an easy-to-use compliance kit available for R 2 850.00 Excl. Vat.

 

What does the kit include?

  • Introduction to POPI compliance.

  • POPI risk assessment.

  • POPI compliance project plan.

  • Review of policies and procedures.

  • Employment contract addendums.

  • POPI and Privacy Policy development.

  • PAIA Manual Development.

  • Legal Appointments.

  • Appointment & Submission of Information officer/deputy information officer & PAIA Manual to the SAHRC.

  • Awareness sessions for staff, either at your office or via the online grok learning academy.

 

We follow a simple five-step implementation process;

  • Step 1 - Risk Analysis in terms of the 8 principles of PAIA (Personal Information Impact Assessment_PIIA).

  • Step 2 - Where there are gaps, we implement strategies and policies to ensure compliance.

  • Step 3 - Training and awareness for staff in terms of POPIA.

  • Step 4 - Appoint Information Officer and register online.

  • Step 5 - Security and IT security assessment on an annual basis.

We at grok HR solutions have already prepared for the introduction of the POPI act, which took effect Thursday 1 July 2021. As a result, we would like to give you the opportunity to unsubscribe from our mailing list should you no longer wish to receive communications from us.

We maintain this list so to ensure that you receive information on scheduled courses, changes in legislation as well as various topics affecting busines in South Africa. The end goal is that you as an employer should do what you do best and love your business and let us take care of the HR issues that creep in.

By staying opted in, you will continue to receive, news, course schedules and other communication on latest trends in the HR universe. 

If you wish to unsubscribe, you can do so by clicking on the  “unsubscribe” link at the bottom of this email. 

However our team would be happy if you remain on our mailing list, and no further action on your behalf would be required.

We thank you for your support in the past and hope that this can continue into the future.

Thornton van Wyngaardt
Previous

Mandatory Vaccinations of Employees
Next

COVID-19: Additional Obligations on South African Employers