The Protection of Personal Information Act (POPIA) defines how businesses, charities, public bodies and other organisations, can and can’t use personal information. It’s a framework for how personal information should be collected, processed, stored and shared. POPIA is designed to strengthen the rights of individuals. POPIA has been a legal requirement since 2021.
Both private and public organisations must comply. The deadline for compliance was the 1st of July 2021. Our consultants are personal information protection experts who support organisations across a range of industries.
POPIA compliance is a whole-business undertaking that spans your organisation’s people, processes and technology. A three-step process is recommended for POPIA compliance, starting with a POPIA gap analysis. This is where experienced personal information protection consultants will map your current compliance state against POPIA requirements and create a plan. The next step is the POPIA Implementation, where the plan is put into place. The key to a successful POPIA implementation is educating your staff and getting buy-in from senior management. The last step is the POPIA Audit, to confirm your implementation is working as expected.
There is no formal certification for POPIA, meaning that POPIA compliance is an on-going, always-on part of your business operations. Our managed privacy compliance service is a great way to help maintain POPIA compliance.
Our POPIA gap analysis service explores your business policies, processes, resources, governance and technology to identify areas of non-compliance.
You will receive a comprehensive report showing your current level of compliance against the requirements of POPIA.
This service is perfect for organisations that are just getting started in their compliance journey.
A POPIA implementation project typically follows on from a gap analysis. The purpose of an implementation project is to develop the necessary policies, procedures, processes, and documentation to achieve and maintain POPIA compliance.
We take a fully customised approach to POPIA implementations to address your specific business needs. An implementation project will also train your staff to ensure personal information protection becomes second nature throughout your business.
Once you have implemented a POPIA framework and achieved a satisfactory level of compliance,
it’s important you regularly assess your position to make sure it is being maintained.
That’s where our POPIA audit service can help.
Our team of experts can help you reassess your compliance framework once or twice a year and check that staff are following policies and procedures.