Is Your Company POPIA Compliant? Here Are Three Tips to Help You Get There

The grace period for the POPI Act (POPIA) is now officially over (as of 1 July 2021), and all companies are now legally required to protect all personal data. Still unsure about what POPIA is? It’s the Protection of Personal Information Act, and it’s been crafted to protect personal information. It strikes a balance between the right to privacy and the need to access information, and it regulates how your info is processed. The crucial thing to remember: if your company isn’t up to speed, you could face hefty fines. We know that this can get a little complicated, but we’re here to help. The easiest way to do this is to hire a company to provide a full POPIA assessment and toolkit: legal firms like ENS Africa and Michalsons are two examples. However, if you’d rather focus on doing this as an in-house project, here are three quick and easy ways to help your company with POPIA.

1. Put someone in charge of compliance, and then start creating awareness.

Even though this is something that all team members should be aware of, there needs to be one person in charge: this is called an information officer. This officer makes the changes necessary for POPIA and continually monitors and maintains the POPIA policies. Once that person is found, one of their additional tasks is to set up training workshops to teach all your staff about what the data privacy legislation is about and what needs to be done.

2. Do a company-wide assessment and then create a POPIA framework.

This is an in-depth audit and risk assessment of how your company deals with private information, both with your clients and employees. You’ll need to investigate how data is collected, check if you’re getting the right kind of customer or client consent, and explore how you are storing and processing this information (and what you’re using it for). You’ll also need to investigate how long you keep this info and how it’s destroyed once you’re done with it. These are just a few examples of what you’ll need to consider: there’s a wide range of subjects to tackle, right from CCTV camera policies through to cookie policies. For more information, check here. Once the gaps have been identified, you’ll need to create a new framework of office policies to fix the gaps and to make sure everyone knows what to do in their roles to remain POPIA compliant. You may also need to update employment contracts, supplier agreements, and the privacy notice on your website.

3. Invest in the right tools.

As part of this process, you’ll need office tools to help protect digital and physical information. We recommend investing in an efficient shredder to destroy physical copies of personal information. If you have heavy-duty shredding needs, we can also come to your work and do all the bulk document destruction for you, safely and securely, as part of our on-site ONSecure service. Our mobile units can safely shred up to two tonnes of documents every hour. You’ll also need security software, products that help defend against viruses, spyware, ransomware and hackers. Our recommendation for you: Kaspersky Anti-Virus Security Software 2021. And then lastly, you’ll need to think carefully about office storage: all your files will need to be kept safely and securely. We love the Verbatim Secure Hard Drive – it’s a portable drive with a keypad for access – and the Verbatim Fingerprint Secure USB3.0 Hard Drive with high-end encryption. For physical file storage, you’ll need to buy lockable file storage cabinets. But there’s more; you can also invest in Cable Locks, Digital Door Locks, Security Office Safes, Privascreen Privacy Filters, and Anti-Theft Laptop Backpacks.