Our PoPIA accelerator applies lessons learned during GDPR implementations to leverage and extend enterprise data catalogues for PoPI Act compliance.
Leverage our accelerator to simplify PoPI Act compliance
A prebuilt operating model for PoPIA compliance
South Africa's Protection of Personal Information Act (PoPIA) protects parties (both natural and legal persons) from the unauthorised use of personal data.
Similar in many ways to Europe's General Data Protection Regulation (GDPR), PoPIA recognises that personal data is the property of the data subject and restricts how that data may be used by companies holding it.
At its core, PoPIA requires that companies plan for privacy by design - putting data management policies and practices in place to ensure compliance.
PoPIA in the data lifecycle
Our PoPIA Accelerator
The 8 tenets of PoPI
From a data management perspective, PoPI requires compliance with 8 tenets, namely:
- Responsible party to ensure conditions for lawful processing
- Processing Limitation
  - Lawfulness of processing
  - Consent, justification and objection
  - Collection directly from the data subject
- Purpose Specification
  - Collection for a specific purpose
  - Retention and restriction of records
- Further Processing Limitation
  - Further processing to be compatible with the purpose of collection
- Information Quality
  - Quality of information
- Notification to the data subject when collecting personal information
- Security Safeguards
  - Security measures on integrity and confidentiality of personal information
  - Information processed by operator or person acting with authority
  - Security measures regarding the information processed by the operator
  - Notification of security compromises
- Data Subject Participation
  - Access to personal information
  - Correction of personal information
  - Manner of access
What is a PoPIA accelerator?
Attempting to deliver each of the 8 tenets, across every stage of the data life cycle, and for every system that holds personal data may seem overwhelming.
Our PoPI accelerator helps you to deliver PoPIA quickly by providing the Policy Frameworks, Principles, Glossaries and more to place the PoPI Act in the context of your data landscape, ensure Accountability, and accelerate compliance.
We provide an operating model that extends data catalogues, like Data360 Govern or Collibra, to ensure that key assets required by GDPR and PoPIA are delivered promptly.
Our accelerator does not guarantee compliance and should be adapted to your requirements.
Using the PoPIA Accelerator to achieve compliance
Our accelerator facilitates a top-down and iterative approach to compliance - allowing you to start with priority (high-risk) ecosystems and achieve quick wins, e.g.:
- linking critical business processes and processing limitations;
- then relating critical systems to the above;
- then relating critical data elements to these systems, etc.
Core to Data Governance are the concepts of Accountability and Documentation - ensuring these fundamental principles are delivered from day one.
One can solve smaller, high-priority problems one at a time whilst always building the total picture.
Want to learn more about the Data Privacy and Protection Fundamentals course released by eLearning Curve? Check out the online course offered as part of our Certified Data Steward accreditation.
Leveraging GDPR for the PoPI Accelerator
This approach has been proven in the delivery of GDPR compliance in Europe and elsewhere.
The similarities between PoPIA and GDPR mean that South African companies can also leverage previous GDPR capabilities - for example, to manage a data breach - to ensure compliance with both the local (South African) and international regulations.
The data catalogue is the foundation of the empowered consumer.
It will provide you with a picture of how your data affects key business processes and impacts your customer's experience - insights you can use to improve your business effectiveness and agility.
In the long term, an informed, empowered, data-driven consumer is great for your business. The more your customers are invested in their own data, the better resource they can be as you seek to understand their preferences and build experiences and products accordingly.