Protection of Personal Information Act No.4 of 2013. (“POPI”)
The goal of the POPI Act is to protect data subjects from security breaches, theft, and discrimination. To accomplish this, it outlines eight principles that South African data processors must follow:
- Accountability = assigning ownership in your organisation;
- Processing Limitation = processing information for lawful reasons and in a manner that does not infringe privacy;
- Purpose Specification = only obtaining and holding personal information for a specific purpose;
- Further Processing Limitation = Further processing of personal information must be compatible with the purpose for which it was collected;
- Information Quality = ensuring that information is complete and accurate;
- Openness = informing individuals that their information has been obtained and the purpose thereof;
- Security safeguards = the integrity of personal information must be secured using appropriate, reasonable, technical and organisational measures;
- Data Subject Participation = a data subject has the right to request access to their personal information that you hold; to request the information is deleted or corrected if appropriate.
At EGRA, we can perform a formal review of your current systems in place to protect personal data. AS a result, you will know what to do to ensure that you are compliant to the requirements of the Act.
In addition, we can provide consulting services to get to the point where your Information Officer can declare that all has been done to ensure the safety of any personal data as managed by the company.
082 887 1770