In simple terms, the purpose of the PoPI Act is to ensure that all South African institutions conduct themselves responsibly when collecting, processing, storing, sending and sharing another entity’s personal information, by holding them accountable should they abuse or compromise that information in any way.
This right to protection of “personal information” applies not only to a natural person (i.e. an individual) but also to any legal entity, including companies, communities and other legally recognised organisations. All of these entities are considered to be “data subjects” and are afforded the same right to protection of their information. As a company, this would include protecting information about your clients, employees, suppliers, vendors, service providers, business partners, etc.
The safety and management of information rely on your organisation’s IT system. This is usually where a company takes the biggest risks.
We, South Africans, are now required by law to secure our IT networks from any unwanted attacks and prevent unauthorised access to our computers, network and data.
Incorporating PoPIA into the day-to-day operations of a business will require a significant amount of time and effort, including educating and training staff, updating business processes, and implementing or updating security technology solutions.
To meet these obligations, you must take the following actions:
This may appear to be a large undertaking. A risk assessment, however, is a great opportunity for you to identify your company’s (and industry’s) security strengths and weaknesses and how they affect your bottom line. You’ll know where you need to make improvements and you’ll be confident that you can cope with the IT Security threats your business may face.
Know where your vulnerabilities are and dramatically reduce your risk