Short Programme In POPI Act Implementation of Information Privacy Management System (POPI, PIMS)

DESCRIPTION

The Short Programme in POPI ACT Implementation is designed to prepare its participants to implement the POPI ACT Privacy Information Management System (PIMS) in compliance with the requirements and guidance of the 2013 POPI ACT. Participants will gain a comprehensive understanding of the best practices of privacy information management and learn how to manage and process data while complying with various data privacy regimes.

After the POPIA commencement date or effective date there is a 12-month grace period – so the POPIA deadline is at the end of the grace period. POPIA (South Africa’s data protection law) will only be in force about eight years after it was enacted in 2013.

1
1.1 INTRODUCTION TO POPI ACT
5 min

PREAMBLE

PREAMBLE RECOGNISING THAT—

• section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy.

• the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information.

• the State must respect, protect, promote, and fulfil the rights in the Bill of Rights.

The Protection of Personal Information Act (or POPIA or POPI Act) in South Africa sets conditions for how you can lawfully process personal information.

As an employer, ask yourself:

  • Is there a formal policy for the processing of personal information?
  • Does your policy for processing of information identify why the information may be processed, i.e. consent, legislation, contract?
  • For which purposes does your business process the different categories of information?
  • How does your business assess whether the type of personal information is adequate for, and relevant to, the purpose for which it is collected?
  • How does your business ensure that the type of information requested and provided is not excessive for the purpose it was collected for?
  • Does your business have procedures in place for de-identifying personal information?
  • Does your business obtain the consent of individuals before processing their personal information?

The privacy legislation conversation largely revolves around the General Data Protection Regulation (GDPR) recently put in place by the European Union. Although it's the most comprehensive and sweeping regulation in place, it is far from the only one.

If you live or operate a business in South Africa, you will soon have your own legislation to contend with. And a survey conducted in early 2019 suggests that only 34 percent of South African organizations are ready for it.

In 2013, South Africa passed the Protection of Personal Information Act (POPI). Although it predates the GDPR, it's often referred to as South Africa's GDPR equivalent. The goal of the POPI Act is to protect data subjects from security breaches, theft, and discrimination. To accomplish this, it outlines eight principles that South African data processors must follow.

Each principle encourages responsibility, security, and consent. It also provides special protections for distinct categories of data as well as the data of children.

What is POPI, and what does it mean for South African institutions and data processors?

What is the POPI Act

1
What is the purpose behind POPI?
5 Min

PREAMBLE

PREAMBLE RECOGNISING THAT—

• section 14 of the Constitution of the Republic of South Africa, 1996, provides that everyone has the right to privacy.

• the right to privacy includes a right to protection against the unlawful collection, retention, dissemination and use of personal information.

• the State must respect, protect, promote, and fulfil the rights in the Bill of Rights.


2
1.2 What is the purpose behind POPI?
3
1.4 The POPI Act’s Eight Conditions for Lawful Processing
4
1.4.1 Condition 1 and Condition 2
5
Condition 3 Purpose specification and Condition 4 Further processing limitation
6
1.4.3 Condition 4: Information Quality and Condition 5: Openness
7
1.4.4 Condition 7: Security Safeguards and Condition 8: Data Subject Participation
8
Lesson 2: How to Comply with South Africa’s POPI Act
9
Lesson 3: If I’m GDPR Compliant, Am I Also POPI Compliant?
10
Lesson 4: What Happens If You Don’t Comply: Fines and Punishments?
11
Lesson 5: Pre POPI-Act: Access to Information
12
Lesson 6: Compliance to the Act
13
Lesson 7: What is Personal Information?
14
Lesson 8: Why is POPI Act important?
15
Lesson 9: How are Internal Auditors impacted?
16
Lesson 10: RECOMMENDATIONS
Does your policy for processing of information identify why the information may be processed, i.e. consent, legislation, contract? • • How does your business assess whether the type of personal information is adequate for, and relevant to, the purpose for which it is collected? • • Does your business obtain the consent of individuals before processing their personal information?

undefined

Be the first to add a review.

Please, login to leave a review
Add to Wishlist
Enrolled: 29 students
Lectures: 17
Level: Intermediate

Archive

Working hours

Monday 8:00 am - 4.30 pm
Tuesday 8:00 am - 4.30 pm
Wednesday 8:00 am - 4.30 pm
Thursday 8:00 am - 4.30 pm
Friday 8:00 am - 4.30 pm
Saturday Closed
Sunday Closed
This website uses cookies and asks your personal data to enhance your browsing experience.