- Legislates the constitutional right to privacy
"Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including -
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
- Requires organisations to comply with the 37 duties under the 8 international privacy principles
- POPI has a close connection with various other compliance legislation
- Process personal information in a legal and reasonable manner.
- Only process personal information for a specific, explicitly defined and lawful purpose.
- Take steps to ensure that the data subject is aware of that purpose.
- Ensure that any further processing of personal information is compatible with the stated purpose of collection.
- Ensure that personal information remains complete and accurate.
- Notify the data subject and the regulator that you are collecting personal information and record the purpose of collection.
- Protect the security and integrity of personal information.
- Provide for data subject participation in the collection of personal information to ensure purpose, accuracy and relevance.
Does your Organisation process personal information?
If you do, you will have to comply with POPI.
Your Organisations have personal information about:
... so it affects every area of your business.
- Assigning responsibility
- Why do I need to comply?
- In what way does POPI affect my internal and external processes?
- What is the cost of compliance?
- What will happen if I don’t comply?
- What do I do first?
- Where is the information located?
Traditional approach - siloed capabilities
Click on the image to enlarge...
- Reduce risks – compliance, reputation, fraud, legal (penalties and damages).
- Demonstrate good governance and exercise Duty of Care (King III).
- Uncover “secret/unknown” data stores for better enterprise wide use.
- Enable unified know your client initiatives for better business decisions – Strategy and product.
- Avoid costly technology acquisition decisions – maximise ROI.