Understand your current compliance with PoPIA and where to improve
The purpose of PoPIA (Protection of Personal Information Act) is to enforce everyone’s constitutional right to privacy and the safeguarding of their personal information against theft, fraud, and other abuses. All businesses collect and process personal information about employees and clients. PoPIA introduces new data protection obligations for businesses while providing increased data protection for data subjects. PoPIA stipulates conditions for the lawful processing of personal information while ensuring its security and protection against theft, fraud and other abuses of rights to privacy.
PoPIA is compulsory for all and sets out conditions around how personal information should be lawfully processed and stored by third parties to ensure its security and protection. All businesses have personal information about their employees, suppliers, and clients. In fact, policies like FICA (Financial Intelligence Centre Act) actually demand personal and financial client data be gathered and stored.
But what happens if data is misused, stolen or lost? Data breaches can come from a variety of sources and not every data breach is caused by sophisticated hacking attempts. Many can stem from human error or mundane oversights, which doesn’t make them any less damaging.
Businesses need to be familiar with PoPIA requirements and have an active plan towards PoPIA compliance, or face the risk of substantial fines, imprisonment, or both. For these reasons, it’s important to understand whether you have the right processes and controls in place to protect your company and its data.
PoPIA has changed the way we do business. Armata’s PoPIA Advisory Services take a consultative approach to help businesses identify the key challenges and determine the necessary steps on the journey towards PoPIA compliance. Armata does not, however, certify PoPIA compliance.
Armata offers a PoPIA Advisory Service with the following components:
- Conduct an Information Audit to determine:
  – The categories of personal information your organisation processes
  – Why it is processed (what’s the purpose?)
  – Where and how you store the personal information
  – Who you share personal information with
- Appoint or work with an Information Officer
- Conduct an Organisational Impact Assessment
- Create an awareness guideline for the organisation and staff
- Run a Posture Assessment
- Run security assessments to see how easily data can be compromised by third parties or internally
- Recommend improvements
- Offer ongoing monitoring and reporting of your data compliance