8 Principles of POPI


POPIA EIGHT PRINCIPLES

To be fully compliant with the Protection of Personal Information Act No. 4 of 2013 (POPIA), an organisation must address the 8 Principles defined within the Act. These are well-accepted attributes, adopted throughout South Africa as the guidelines for a successful POPIA implementation.

Principle 1: Accountability

The organisation must appoint a party (the Information Officer) who is responsible for ensuring that the information protection principles within POPIA, and the controls that are in place to enforce them, are complied with.

Principle 2: Processing Limitation

The second principle deals with the lawfulness of processing, minimality of information collected, consent, justification and objection, and the collection of personal information directly from the data subject.

Principle 3: Purpose Specification

The third principle provides that personal information must be collected for a specific purpose and the data subject from whom the personal information is collected must be made aware of the purpose for which the personal information was collected.

Principle 4: Further processing limitation

The fourth principle regulates the further processing of personal information. If a responsible party further processes personal information, such processing must be compatible with the purpose for which the information was collected in principle 3.

Principle 5: Information quality

The fifth principle provides that the responsible party must take reasonable steps to ensure that the personal information that has been collected is complete, accurate, not misleading and up to date. In so doing, the responsible party must take into consideration the purpose for which the personal information was collected.

Principle 6: Openness

The sixth principle provides that the responsible party must be open about the collection of personal information by notifying the Regulator if it is going to process personal information and, if personal information is going to be collected, the responsible party must take "reasonably practicable steps" to ensure that the data subject has been made aware that his or her personal information is going to be collected. The responsible party should, for example, take reasonable steps to make the data subject aware of its name and address, and of the purpose for which the personal information is being collected.

Principle 7: Security Safeguards

The seventh principle provides that the responsible party must ensure that the integrity of the personal information in its control is secured through technical and organisational measures.

Principle 8: Data Subject Participation

The eighth principle provides that data subjects have the right to request that a responsible party confirm (free of charge) whether it holds personal information about the data subject, and he or she may also request a description of such information.

WHAT ARE THE CONSEQUENCES OF NOT BEING POPIA COMPLIANT?

The consequences of non-compliance are significant, and may even result in the loss of a licence to trade (where applicable). Even if the penalties are paid, the loss of reputation is huge and this can have a devastating effect on any organisation. According to POPIA, when there has been an information/data loss the organisation must first inform the Information Regulator and then also inform every person that might be affected.

The following are the consequences of not being compliant:

  • Administrative penalties
    • Fines up to R10 million and/or 10 years in jail per incident.
  • Enforcement notices
    • Stop processing personal information.
  • Civil Action
    • May be brought by data subjects for "distress", resulting in the payment of millions in damages to settle a civil claim.
    • Suffer reputational damage.
  • General concerns
    • Loss of reputation and subsequent loss of customers and possible failure of the

How Can We Assist You?

Naveg ISMS will assist your organisation to achieve POPI Compliance. Our approach to the challenges of POPIA and GDPR implementation is that the solution is aligned with other Management Systems within the organisation. By Management System we mean the collection of Policies, Procedures, People, Processes and Application or Technology systems applied to enterprise business operations.

We strive to save cost within the client's enterprise operation by re-using the existing enterprise system application, unless the desired goal cannot be realised with the existing system solution.

Our team includes Legal specialists, Chartered Accountants, IT specialists, ISO 27001 Lead Implementers and Assessors, Privacy specialists, Process mapping specialists, Security analysts, Testers, Internal Audit specialists and Forensic specialists, ready to assist your organisation with POPIA and GDPR compliance.

Contact us today for a free initial assessment of your organisation.

Naveg ISMS Consult

Address: Ground Floor, 4 Quadrum Office Park, 50 Constantia Boulevard, Constantia Kloof Ext 28, JHB

Tel: + (27) 011 678 0653/ +27 78 178 3979

email: info@naveg.co.za | info@isms-consult.co.za

Website: www.isms-consult.co.za | www.naveg.co.za

Twitter: @ismsconsult / Facebook: @ismsconsult
