Practical Steps to get your Company POPI Compliant

In general terms you will have to look at putting the following in place (not a closed list) to finalise the POPI Compliance process:

1. Register with the Information Regulator as the Information Officer (i.e. the head of the business).
2. Update all employment contracts with contract provisions relating to POPI (e.g. You hereby consent that we may process your personal information during the course and scope of employment for XYZ reason…);
3. Emails – Put a proper email footer in place which informs the receiver of their obligation;
4. Website – Put a privacy policy on your website that is easy to access which sets out the client’s rights and obligations / what you will do with their personal information etc.;
5. Website – Make sure you have updated Terms of Use / Terms and Conditions accessible on your website which stipulates how the services will be completed/ how does refunds take place/ who is the Information officer etc;
6. PAIA Manual – Prepare a PAIA manual for your company, which is basically a roadmap of which data you store / how can a third-party access that data etc. (check first if you’re exempt of compiling one / if the deadline for implementation has been extended again);
7. Information and Communication Technology – make sure all your ICT has security protocols in place like anti-virus / passwords / limited access by staff etc.
8. Contractors / suppliers – put contracts in place with Third Parties which deal with the sharing of data with third parties / who is responsible for what / what safeguards will they put in place etc.
9. Clients – ensure all clients consent to you processing their personal information / they are aware of their rights relating to their information / they know for what purpose you need the information etc.