What does it take to be POPI Compliant?

The POPI Act continues to raise alarm bells for several SMEs, so we wanted to share with you some of the key steps to becoming POPI compliant.

What is the POPI Act (‘POPIA’)?

The POPI Act is a comprehensive privacy law that is mandatory for all businesses within the private and public sector that process personal information in South Africa. It seeks to protect and regulate the processing of personal information, falling into the broader Constitutional right to privacy.

The POPI Act requires businesses to regulate how information is organised, stored, secured, and discarded. This ensures that the business can maintain the integrity and confidentiality of its clients’ and employees’ personal information by preventing loss, damage, and unauthorised access to the personal data. The Act therefore guarantees that personal information will be used in a responsible and ethical manner by businesses from the time it is collected until the time it is destroyed.

Steps to becoming POPI compliant

  1. Work out whether your business needs to comply with POPI or not, and if so, how

If your business is based in South Africa, then yes – POPI affects you. But, unlike GDPR, POPI is not applicable extraterritorially. If your headquarters are in South Africa or you process personal information and data in South Africa, then you need to comply with POPI.

It’s important to understand, however, that different businesses will have to meet different requirements. SMEs are subject to different requirements than large-scale enterprises, and your existing security framework and data protection mechanisms may already tick some of the boxes required.

  2. Up-skill yourself and your team

Ensuring you and your team understand the requirements of POPI will empower you to make decisions and act in the best interests of your business and your clients while complying with POPI. Ensure there is adequate staff training and education around how to store customer information effectively and securely and what is and is not allowed to be shared.

  3. Figure out who your “POPI person” will be

Every business needs an Information Officer. It may seem like overkill, but it’s not. Your data (and your clients’ data) is valuable. By appointing an Information Officer, you’re not only acknowledging this but also ensuring you are taking responsibility for it. Of course, you need to make sure you empower and up-skill the person you select to make decisions regarding information security. You may want to engage a professional cybersecurity partner to help in this regard.

  4. Work out the specific steps your company needs to take to comply

This might seem scary, but practice makes perfect. And help is available. If you’re unsure of how to start, choose an IT partner that understands your business and sector to help you along the journey.

For example, you should only store the most up-to-date information of your current employees and customers. Once a staff member has resigned or a customer is no longer on your books, their information is no longer necessary for you to keep.

  5. Nail the basics

There are some basics you can implement that will go a long way towards helping you cover the POPI essentials, such as encrypting data (including emails, customer databases and contact info of external people) and engaging a cybersecurity expert to train your employees on how to handle personal information and secure any breaches.

How your IT partner can help you

  • We can provide you and your team with the necessary POPI training
  • We can also help you encrypt data to ensure the confidentiality of your customers’ information
  • Lastly, we can help you with the necessary security measures to protect your data from any outside sources or attempted cyber-attacks.

To be prepared takes a clear action plan, backed by a good IT strategy. Rito-Technologies is an IT business partner who maximises business output through technology. They enable their clients to be secure with their IT Strategic Planning, which is guaranteed to increase your accessibility, productivity, and levels of communication with the right level of technology for business and potential customers.

For more information about our IT Strategic Planning or our POPI solutions, please get in touch with us at info@rito-tech.co.za and we will gladly assist you.
