After learning more about POPIA over at popia.co.za, we came to understand how important this Act really is. We are all FOR Protecting Personal Information from being sold and misused.
This is our effort to fully support this cause.
The purpose of POPIA is to ensure Personal Information remains private, whilst providing you with more control over and access to your information. You have the right to know how and what information is being collected, processed, stored and shared, and that it is shared only with authorised persons.
The policy is the most important part and the place to start compliancy, but apart from this you will also appoint and register your Information Officer.
Key steps to compliancy are listed below.
Your website’s compliance is only one step to ensure your business complies with POPIA Regulations. Please see the section below on the Key Steps to Compliancy.
We work exclusively with WordPress websites. We could potentially help you convert your website to WordPress so that you are able to handle future minor updates to your website.
This person will take on the responsibility of ensuring POPIA compliancy and handling all privacy requests, and is to cooperate with the Information Regulator of South Africa should any investigations arise. Your Information Officer will have to be registered with the Information Regulator by completing the PDF below. The completed PDF can be emailed to firstname.lastname@example.org. Link to PDF: InfoRegSA-eForm-InformationOfficersRegistration-2021
Personal Information can be processed, and this is most often required to fulfil a service or deliver a product. But it may only be processed on a lawful basis and shared only with relevant third parties if this is required to perform a service or deliver a product. You are required to inform your clients and website visitors how and what personal information is collected and processed. You should also ensure the information you hold is not excessive, yet complete and up to date.
(Data Subject is the cold term used in the policy to describe any website visitor, client or lead.) A Data Subject has the right to access their personal information. You should not withhold access and should respond to these requests.
In the event of a security breach, you are to notify the Information Regulator of this breach. You will also need to notify your Data Subjects that you have reason to believe that their personal information has been accessed by an unauthorised party. This will ensure your Data Subjects can take the necessary steps to protect themselves.
(A Data Operator is any person that you entrust with your Data Subjects’ Personal Information to work with on your behalf.) As an example, if you are a Bold Mark creative Client, you should get an operator agreement from us to ensure we process any of your Data Subjects’ Personal Information in accordance with POPIA.
There are some exceptions to this rule. You may only transfer Personal Information to a foreign entity or person if you are required to do so in order to perform a service or contract, provided that this information is adequately protected and handled in accordance with POPIA.
Keep a record of how you process personal information, and for what reasons. This will help you demonstrate compliancy to the Regulator.