Implementing POPI and ensuring that it forms an integral part of your business operations will require a substantial amount of time and resolve.
Processes and systems might have to be amended and all interactions that involve the collection and or use of data will have to be critically reviewed including your HR processes.
There are some critical actions that should have been completed or be in process of amendment that should include:
- Analyse your data and personal information. Know what data is stored, in which system, used by which department and for what purpose the stored data is used. Can you justify the fit-for-collection criteria?
- Ensure all your staff understand the Act and the implications of the Act. have you exposed your staff to POPI training, and can you prove that they have a competent understanding of the act?
- Perform a complete POPI readiness assessment utilising legal, governance and ICT advice and guidance. Use the services of professionals to ensure you are ready and compliant rather than gambling and facing the consequences of the act.
- Review all service agreements, application forms or web sites you own that involve data collection and processing. Review and amend these artefacts including the justification for certain information that needs to be collected with clear roles, processes and responsibilities for everybody involved.
- Define the purpose of information gathering, processing and utilisation. Personal Information can only be gathered for specific and clearly defined, lawful purposes related to a function or process within the company.
If you require training for staff , readiness assessment or guidance please feel free to contact us for a no obligation discussion.