The protection of personal information act and south. Y triedandtested in various south african organisations. See the latest status from the information regulator. The protection of personal information act is south africas most complex and technical law and, it impacts everyone. Iact africas approach to adopting the popi act and privacy best practices is outlined here. While popi compliance is typically seen as a grudge task, it can in fact be regarded as more than good governance. The longawaited protection of personal information popi act regulations were published in september last year. They dont say much, but they do spell more than just sleepless nights for. Enforcement of the protection of personal information. Popi act compliance protection of personal information. Popi manual this manual was prepared in accordance with section 51 of the promotion of access to. Prepared in accordance with section 51 of the promotion of access to information act, number 2 of 2000 the act and the protection of personal information act, act no 4 of 201 popi. The protection of personal information act popi access to information under paia only, requires the process to be duly followed, as detailed in this document. In many organisations, popi act implementation and support skills and knowledge for carrying out these initiatives have not been developed yet as the subject of privacy and data protection protection of personal information is a relatively new area.
Protection of personal information act popi it is critical for organisations that process personal information of employees, customers or other juristic persons companies, trusts and so on to implement organisationwide privacy initiatives in order to comply with the conditions of the act. Law society of south africa lssa manual prepared in accordance with section 51 of the promotion of access to information act paia 22000. South africa, the popi act is the applicable south african legislation and any company operating within south africa is mandated to comply with this law. The protection of personal information act also referred to as the popi act aims to protect an individuals right to privacy regarding their personal information which may have been collected by a third party during a normal commercial transaction or by their hr department prior to, or during, the course of their employment. With the popi act explained this should help you in understand the process of implementing popi compliance within your company. The commission was inaugurated on 02 october 1995 under the human rights commission act 54 of 1994 and as provided for by the constitution of the republic of south africa act 200 of 1993. South african organisations and citizens have until 7 november 2017 to provide comment. Rendering services according to instructions given by clients. Protection of personal information act, 20 5 act no. We offer you a range of products around personal data security awareness.
The protection of personal information bill was around in 2009, which meant that the discussion had been going on for years before that. The protection of personal information act is technical and complex. This new law regulates the processing of personal information. Iactafrica popi act implementation methodology embarking on a popi act implementation project can be daunting for many organisations as it is not a simple law with which to comply. The protection of personal information popi act special features. Controlling information is the central component to creating a business, which popi processes and procedures can be effectively executed and its ethics upheld. Section 9 of popi states that personal information may only be processed if, given the purpose for which it is. According to workpool 2017, the purpose of the popi act is to ensure that all southafrican institutions conduct themselves in a responsible popi popi popi. Constitution and the purpose and application of the protection of personal information act, no 4 of 20.
Popi act implementation and support popi solutions. In simple terms, the purpose of the popi act is to ensure that all south african institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entitys personal information by holding them accountable should they abuse or compromise your personal information in any way. Guide of the south african human rights commission. In south africa, section 14 of the constitution protects the right of privacy of citizens, which popi enforces, and the law itself has been in the making for almost a decade. The protection of personal information act 4 of 20 aims. It applies to all businesses that process personal information of staff, customers, clients and productservice providers. The protection of personal information act 20, popia popi is south africas official data protection law.
Protection of personal information act 4 of 20 south. The popi act does not stop you from processing and does not require you to get consent from data subjects to. The protection of personal information popia act has been signed into law by the president on 19 november and published in the government gazette notice 37067 on 26 november 20. Po box 1161, green point, 8051, cape town, south africa physical address. The popi legislation basically considers your personal information to. Paia and popi act certification services south africa. The south african information regulator regulator has indicated that the effective date for full promulgation of popia will likely be early 2018, following which all organisations will have one year to become compliant. The sahrc has compiled a guide, as contemplated in section 10 of the south african human rights. The protection of personal information act is commonly referred to as popi.
The popi protection of personal information act has not yet commenced, although it was enacted in 20. The purpose of the this act is to ensure all south african businesses conduct themselves in a responsible manner when collecting, processing, storing and sharing another entitys personal information by holding them accountable should they abuse or compromise the third partys personal information in any way. The protection of personal information popi act rw africa. Personal information broadly means any information relating to an identifiable, living natural person or juristic person companies, ccs etc.
It is anticipated that popi regulations will be promulgated in 2018, commencing the application of the popi act. Paia manual ig markets south africa limited, paia manual, anuary 2019 ig markets south africa limited, authorised and regulated by the financial sector conduct authority in south africa. Introduction the promotion of access to information act, no. Privacy policy in terms of the protection of personal.
Popi awareness posters 5 printed posters for your office. Protection of personal information a short guide on popi. The act sets a number of conditions for you to lawfully process the personal information of data subjects both juristic and natural persons. We became used to talking about popi, and the information regulator is now prefering to use the term popia, or popi act.
Guidelines and training manual social surveys africa the protection of personal information popi act as published in the government gazette notice 37067 on 26 november 20. Details and dates of the public events are listed on the seminar schedule above. Protection of personal information act, 20 department of justice. Your popi training guide and compliance manual is only your, introduction to popi. The popi act is south africas equivalent to the european union general data protection regulation eu gdpr. Rendering service according to instructions given by clients. Manual in terms of the promotion of access to information. Protection of personal information hrtorque outsourcing. Accountability processing limitation purpose specification further processing limitation information quality openness security safeguards data subject participation these conditions and their implications for business are discussed in more detail. The protection of personal information act, no 4 of 20 promotes the protection of personal information by public and private bodies. To give effect to the constitutional right to privacy by safeguarding personal information when processed by a responsible. Protection of personal information act 4 of 20 hereinafter the popi act or the act,2 despite the fact that the south african law reform commission hereinafter the salrc already took the first steps towards enacting data privacy legislation in south africa in november of 2000.
The act lists the following eight conditions for the lawful processing of personal information, each containing their own sections. It sets some conditions for you to lawfully process the personal information of data subjects both natural and juristic persons. A member of the regulator or a person referred to in section 491b or 501b who is not subject to the provisions of the public service act, 1994 proclamation no. Popi refers to south africas protection of personal information act.
At this stage no notices hashave been published on the categories of. As the information regulator develops the popi regulations further, so the dates and requirments will become clearer. Pty limited and other south african subsidiaries which the acts apply to collectively. Purpose of the popi act the purpose of the popi act is the following. Popi and the issue of privacy cctv handbook 2015 hi. Y the a to z of popi are covered comprehensively y a highly knowledgeable and prominent course facilitator y crossborder transfer of personal information is tackled. Constitution of the republic of south africa act, 108 of 1996. Information act of 2000 to address the requirements of the protection of personal information act no 4 of 20. If it is approached in a structured manner, however, it can be less daunting and far easier to tackle. Specifically to implement and maintain the provisions of the popi act including but not limited to the following. Compliance to the protection of personal information act popia, also known as the popi act, will be mandatory for most organisations in south africa.
Why are south african lawyers remaining in the dark with popi. If you are using etorque, our cloudbased payroll and hra database, you are already compliant from a software security and data storage perspective, with regard to the system. To give effect to the constitutional right to privacy by safeguarding personal information when processed by a responsible party. Despite the apathy of the profession, in 20 the lssa organised and presented a roadshow to deal with the protection of personal information, which was held at six. The delay, while frustrating for some, gives others a breathing space to get their companies up to scratch on the law. Whereas it is agreed that all parties agree that they will comply with popi regulations and process all the information. Experienced data protection professionals, who participated in drafting the popi bill and have extensive legal, business and data processing experience, will explain how to translate legal obligations into operational practices. The protection of personal information act and south african schools the protection of personal information popi act was signed into law on 19 november 20. The scope of this manual will exclude eohs operations outside south africa and will. The law society of south africa guidelines the question may be asked what has the law society of south africa lssa done relating to the protection of personal information. Protection of personal information popi isnt new in south africa.
235 468 699 1549 195 739 1043 1319 1392 1150 267 337 1576 258 223 187 606 1482 186 569 751 1424 1371 1200 796 995 366 1142 512 764 589 989