Protection of Personal Information Bill
Demistifying POPI
| Protection of Personal Information Bill (POPI) |
| POPI's impact |
| Challenges organisations face with POPI |
| The Deloitte approach |
| The Deloitte difference |
| The Benefits to your organisation |
| Contacts |
What is the Protection of Personal Information Bill?
- Legislates the constitutional right to privacy
"Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including -
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as blocking, degradation, erasure or destruction of information;
- Requires organisations to comply with the 37 duties under the 8 international privacy principles
- POPI has a close connection with various other compliance legislation
8 Principles of POPI
- Process personal information in a legal and reasonable manner.
- Only process personal information for a specific, explicitly defined and lawful purpose.
- Take steps to ensure that the data subject is aware of that purpose.
- Ensure that any further processing of personal information is compatible with the stated purpose of collection.
- Ensure that personal information remains complete and accurate.
- Notify the data subject and the regulator that you are collecting personal information and record the purpose of collection.
- Protect the security and integrity of personal information.
- Provide for data subject participation in the collection of personal information to ensure purpose, accuracy and relevance.
POPI's impact
Does your Organisation process personal information?
If you do, you will have to comply with POPI.
Your Organisations have personal information about:
- Shareholders
- Employees
- Customers
- Suppliers
... so it affects every area of your business.
Challenges Organisations Face with POPI
- Assigning responsibility
- Why do I need to comply?
- In what way does POPI affect my internal and external processes?
- What is the cost of compliance?
- What will happen if I don’t comply?
- What do I do first?
- Where is the information located?
The Deloitte approach
Traditional approach - siloed capabilities
Click on the image to enlarge...
The Deloitte difference
Benefits to your organisation
- Reduce risks – compliance, reputation, fraud, legal (penalties and damages).
- Demonstrate good governance and exercise Duty of Care (King III).
- Uncover “secret/unknown” data stores for better enterprise wide use.
- Enable unified know your client initiatives for better business decisions – Strategy and product.
- Avoid costly technology acquisition decisions – maximise ROI.
Contacts
| Kris Budnik Tel: +27 (0)11 806 5224 kbudnik@deloitte.co.za |
Chomel Minnaar Tel: +27 (0)11 806 5400 cminnaar@deloitte.co.za |
| Dean Chivers Tel: +27 (0)11 806 5159 dechivers@deloitte.co.za |
Liezl de Graaf Tel: +27 (0)11 517 4096 lidegraaf@deloitte.co.za |
Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.