Do you understand your ‘as-is’ state of Information Privacy Maturity?
Only 34% of organisations feel they are going to be ready to meet the PoPIA requirements*
77% believe their organisation will suffer reputational damage if fines for non-compliance were imposed*
COVID-19 has forced business into remote working and online trading, bringing with it a significant increase in cyber-crime and the risk of breach
1. Must my organisation comply with POPIA?
For many, the answer will be yes, but some may be surprised to find out that they don’t need to comply with the POPI Act. POPIA, unlike the GDPR, does not apply extraterritorially, which means that it only applies to organisations in South Africa. Essentially, if you are domiciled in South Africa or you process personal information in South Africa, then you need to comply with POPIA. In addition, the processing of some personal information is excluded. For example, if you are processing purely for a personal reason or as a household activity, then POPIA won’t apply to you.
2. Am I the right person to be responsible for this?
Every organisation has an Information Officer by default, and they are responsible for ensuring that your organisation complies with POPIA. If you are currently the Information Officer, now is the time to ask – Do I want to continue to be the Information Officer? If yes, the question is – Am I the right person to be the Information Officer? If no, the question is – Who should I appoint as the Information Officer? Talk to Intdev for help!
3. What is the impact on my organisation?
You need to know the impact of POPIA on your specific organisation so that you can decide what the next best steps are. Complying with POPIA is not a case of one size fits all. Different organisations need to take different actions to comply. For example, what a small enterprise (or SME) has to do is very different from what a medium or large-sized organisation has to do. An organisation’s actions are also dependent on the foundations already built to protect personal information. Some organisations may have many security measures in place while others are new to the issue.
4. What are my organisation’s next steps?
As we’ve said, there are many possible roads to go down. But don’t panic – there is time. At Intdev, we believe that data protection is like personal fitness – it takes time to get fit! To learn more, have a look at our top tips for data protection projects. And if you’re wondering ‘how much does data protection compliance cost?’ then we have the answer for that too!
The RUBIQ Information Privacy Solution combines technology, subject matter expert advisory, a structured and proven approach, templates, guides, business intelligence and extensive module functionality to deliver a dynamic and robust data privacy management solution. It focuses on Privacy and Data Protection law both in South Africa (PoPIA Act) and internationally (the EU General Data Protection Regulation, GDPR).
The PoPIA Act has commenced and organisations need to comply by 30 June 2021.