Access to information and the protection of certain types of information in South Africa are mainly regulated by the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPI).
The POPI Act is South Africa’s equivalent to the European Union General Data Protection Regulation (EU GDPR). The Act sets a number of conditions for you to lawfully process the personal information of data subjects (both juristic and natural persons).
The POPI Act has the biggest impact on organisations that process large volumes of personal information, especially personal information, account numbers, children’s information, etc. The most affected industries are healthcare, financial services and marketing. Every business and organisation, irrespective of its nature, has in its possession certain information that must be protected in its own interest, which includes but is not limited to:
- business trade secrets
- personal information of other entities or individuals, such as employees, clients, customers, etc.
The POPI Act will probably take effect later in 2019, after which you’ll have a 12-month grace period for implementation. The Act will be regulated by an Information Regulator, with your organisation’s Information Officer being the key person who must ensure compliance.
Failure to comply with this legislation could have far-reaching criminal and civil implications for the organisation’s head and directors. Businesses are compelled by law to compile, submit and streamline certain documents on a regular basis.
For businesses and organisations to be fully information compliant, they will have to assess all of the following:
- Commercial activities
- Employment contracts and policies
- Corporate governance documents and structures.
Alignment across the total spectrum of organisational activity is therefore essential for businesses and organisations to survive in an ever-growing, regulated, technologically advanced and challenging environment.
Policies developed in terms of the PAIA and POPI are very important legal documents and require specialised attention to withstand future legal scrutiny and fully protect the business or organisation. These documents form the foundation of information compliance, while the synergy and alignment of all documents form the cornerstone of protection.
SERR Synergy assists businesses and organisations to compile and update information manuals as required by PAIA, and also assists entities to fully comply with procedures as required by POPI by setting up an Information Security Management System (ISMS) and associated policies where the physical information and cybersecurity risks of organisations are identified and managed to maintain the confidentiality, integrity and legitimate availability of data.
Whilst the focus of the POPI Act is on compliance, our approach is to implement compliance in such a way that it delivers business value and doesn't become a cost centre or overhead, but rather allows for improvements in efficiencies and effectiveness so as to meet the POPI compliance requirements.
Our value-adding POPI and PAIA service
All services and legal work relating to the implementation of your customised Information Compliance strategy are included in our fees.
The following services are included:
- Compiling an information manual as required by the Act
- Submission of the manual to the Human Rights Commission and regulatory body
- Providing the manual in electronic format for publication on entities’ websites
- Publication of the manual in the Government Gazette (optional)
- Updating the manual on a regular basis
- Submission and publication of updates
- Assistance with enquiries and requests in terms of the Act
- Assistance with disputes and enforcement by the regulator and authorities.
Assisting the entity to comply fully with the following procedures as required by the Act:
- Compiling a policy document regulating the above
- Regular updates
- Assistance with any disputes regarding the implementation of the Act
- Assistance with any disputes or aspects relating to enforcement by the regulator and authorities.