1. Formalise your POPI Act compliance project
- Identify your relevant stakeholders
- Identify your project sponsor
- Identify your project manager
- Set high level scope, timescale, budget
2. Appoint an Information Officer
- Ensure alignment between your Promotion of Access to Information Act (PAIA) and POPI Information Officer (IO)
- Decide whether the CEO can fulfill the IO function or needs a Deputy/Deputies (DIO)
- Agree IO/DIO roles and responsibilities
- Complete the formal appointment process
3. Perform a gap analysis versus the POPI Act
- Set interim and final targets for compliance with the POPI Act. This does not mean slavishly shooting for 100% regardless of costs and benefits!
- Engage with stakeholders in the assessment
- Use an evidence-based approach
- Use the assessments for ongoing compliance monitoring
4. Analyse what and how Personal Information is processed
- Use a broad definition of record types as per the POPI Act (e.g. CCTV, biometric)
- Look at various aspects as required by the POPI Act (including consent, purpose, source, sharing, destruction)
- Consider user rights and their management
- Think broadly in terms of the types of devices where data is stored and which therefore represent a security compromise risk
5. Implement POPI Act compliance policies
- Review existing relevant policies
- Ensure your policies are reasonable and appropriate
- Make sure your policies are enforceable
- Design your Privacy Notices for diverse stakeholder groups
6. Review your web sites
- Develop your checklist of what to review
- Agree the rating scheme to be used
- Use the opportunity to implement “best practice” such as Cookie notifications
- Develop and implement your remediation plan
7. Update / create your PAIA manual
- Confirm your organisation needs a Promotion of Access to Information Act (PAIA) manual and by when
- Confirm whether you are a Public or Private Body as per the PAIA
- Review the proposed contents of your manual
- Ensure your PAIA manual follows the prescribed layout and includes the necessary details
8. Implement POPI compliant PI management processes
- Look at the PI lifecycle: including acquisition, processing, retention, and destruction practices
- Develop reasonable and appropriate measures to ensure ongoing compliance
- These could include self-assessments, health-checks, formal audits
- Develop your dashboard for compliance
9. Train stakeholders about their roles in POPI Act compliance
- Design training according to their needs
- Ensure you treat user education not as a once-off series of activities but part of an ongoing commitment
- Leverage diverse training methods, including self-study, online, classroom, audio and video
- Look to special needs such as the IO/DIO roles
10. Make POPI Act compliance “Business-As-Usual”
- Recognise that POPI Act compliance will be the “new normal” and work that way
- Build compliance into your products, services and processes – adopt “Privacy By Design”
- Ensure ongoing monitoring of the data protection / POPI ecosystem – legislation, regulations, opportunities and threats
- Build POPI into your everyday operations – make POPI “Business-As-Usual”
THE PROTECTION OF PERSONAL INFORMATION ACT
CUSTOMER PRIVACY NOTICE
This Notice explains how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).
At COR Concepts (and including this website, POPIAct-Compliance) we are committed to protecting your privacy and to ensuring that your personal information is collected and used properly, lawfully and transparently.
About the Company
COR Concepts Information Management Consulting cc
The information we collect
We collect and process your personal information mainly to contact you for the purposes of understanding your requirements, and delivering services accordingly. For this purpose we will collect contact details including your name and organisation.
We collect information directly from you where you provide us with your personal details. Where possible, we will inform you what information you are required to provide to us and what information is optional.
Website usage information may be collected using “cookies”, which allow us to collect standard internet visitor usage information.
How we use your information
We will use your personal information only for the purposes for which it was collected and agreed with you. In addition, where necessary your information may be retained for legal or research purposes.
- To gather contact information;
- To confirm and verify your identity or to verify that you are an authorised user for security purposes;
- For the detection and prevention of fraud, crime, money laundering or other malpractice;
- To conduct market or customer satisfaction research or for statistical analysis;
- For audit and record keeping purposes;
- In connection with legal proceedings.
Disclosure of information
We may disclose your personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.
We may also disclose your information:
- Where we have a duty or a right to disclose in terms of law or industry codes;
- Where we believe it is necessary to protect our rights.
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
- Physical security;
- Computer and network security;
- Access to personal information;
- Secure communications;
- Security in contracting out activities or functions;
- Retention and disposal of information;
- Acceptable usage of personal information;
- Governance and regulatory issues;
- Monitoring access and usage of private information;
- Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Your Rights: Access to information
You have the right to request a copy of the personal information we hold about you. To do this, simply contact us at the numbers/addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to a payment of a legally allowable fee.
Correction of your information
You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate.
Definition of personal information
According to the Act “personal information” means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Further to the POPI Act, COR Concepts also includes the following items as personal information:
- All addresses including residential, postal and email addresses.
- Change of name – for which we require copies of the marriage certificate or official change of name document issued by the state department.
How to contact us
If you have any queries about this notice, need further information about our privacy practices, or wish to withdraw consent, exercise preferences, or access or correct your personal information, please contact us at the numbers/addresses listed on our website.