
Practical Steps to get your Company POPI Compliant

Compliance with POPIA (Protection of Personal Information Act) has had everyone in a flat spin, causing a lot of confusion since the POPI Act came into effect in July 2021.


Kindly note: This article does not constitute legal advice, and it should not be interpreted as such. This is the opinion of Company Partners based on its experience and should be accepted as such. It is recommended that you approach a suitably qualified legal practitioner and/or POPI specialist for assistance with your compliance.

Due to a lack of practical guidance from government on how small businesses (which cannot afford an expensive POPI Compliance Specialist) should go about getting their compliance in place, many SMEs in South Africa have been in a panic, trying to figure out exactly what is needed to ensure they comply with POPI.

We interviewed Matthew Schoonraad from Company Partners’ POPI Division to get some “How-to” tips on POPI Compliance.

What are some of the practical steps to become compliant? 

In general terms you will have to look at putting the following in place (not a closed list) to finalise the POPI Compliance process:

  1. Register with the Information Regulator as the Information Officer (i.e. the head of the business) – https://www.justice.gov.za/inforeg/portal.html ;
  2. Update all employment contracts with contract provisions relating to POPI (e.g. You hereby consent that we may process your personal information during the course and scope of employment for XYZ reason…);
  3. Emails – Put a proper email footer in place which informs the receiver of their obligation;
  4. Website – Put a privacy policy on your website that is easy to access which sets out the client’s rights and obligations / what you will do with their personal information etc.;
  5. Website – Make sure you have updated Terms of Use / Terms and Conditions accessible on your website which stipulate how the services will be completed / how refunds take place / who the Information Officer is etc.;
  6. PAIA Manual – Prepare a PAIA manual for your company, which is basically a roadmap of which data you store / how a third party can access that data etc. (check first if you’re exempt from compiling one / if the deadline for implementation has been extended again);
  7. Information and Communication Technology – make sure all your ICT has security protocols in place like anti-virus / passwords / limited access by staff etc.
  8. Contractors / suppliers – put contracts in place with Third Parties which deal with the sharing of data with third parties / who is responsible for what / what safeguards will they put in place etc.
  9. Clients – ensure all clients consent to you processing their personal information / they are aware of their rights relating to their information / they know for what purpose you need the information etc.

 

Not sure if you have the correct POPI Compliance in place? Click HERE to get our POPI Expert to do an Audit on your Company.

 

POPI Compliance sounds expensive. If I have a small business with a limited budget, what are my options then?

There have been a small number of qualified legal practitioners, such as myself, who have adjusted our normal extensive and expensive POPI Compliance process into a “let’s cover the basics for cheap” process. That would be the best route for start-ups and SMMEs to take, or rather that is my biased opinion.

The alternative is to navigate through the POPI Act yourself.

 

What are some of these POPI Basics which you cover for “cheap”?

Company Partners offers two affordable options for South African SMMEs:

Comprehensive POPI Implementation (cover everything for trading companies) @ R2590

Includes the following:

  • Website POPI compliance review.
  • Email disclaimer for your Company Emails.
  • Company policy on POPI.
  • Employment contract provisions to be added to your employment contracts.
  • Information officer registration certificate + duties/responsibilities.
  • Information appointment letter.
  • Internal Communication protocols and agreements.
  • External Communication protocols and agreements.

Basic POPI Implementation (cover basics for start-ups) @ R990

Includes the following:

  • Website POPI compliance review.
  • Email disclaimer for your Company Emails.
  • Company policy on POPI.
  • Employment contract provisions to be added to your employment contracts.

 

Need assistance with POPI Compliance Implementation? Click HERE to get immediate assistance from our POPI Experts.

 
In conclusion, POPI compliance is not a “copy-and-paste” job. Each business is different and as such the compliance will differ.
Sign up for a Free consultation with our POPI Experts today!