popia compliance

Helping you navigate the legal landscape

popia compliance

POPIA is the Protection of Personal Information Act No. 4 of 2013. The purpose of the Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing personal information records.

POPIA, the Virtual Agent & You

info
WHAT IS PERSONAL INFORMATION ?

It is information relating to an identifiable, living, natural person, and where it is applicable and identifiable, existing juristic persons.

info
WHAT IS PROCESSING ?

It is any operation or activity or any set of operations, whether or not by automatic means, including: Collection, Organising, Updating, Storing Dissemination, Modification & Destruction.

The POPI Act came into effect as of 1 July 2021. It has been published in the Government Gazette, with all parts of the Protection of Personal Information Act currently effective. With full compliance with the Act being absolutely essential, we are dedicated to ensuring 100% compliance both for our platform and for the agents who trust us to be their number one sales tool.

What is the Difference Between a Responsible Party and an Operator ?

info
WHAT IS A RESPONSIBLE PARTY ?

It is the party who determines the purpose of and means for processing personal information. This decision may be made alone or in conjunction with another party.

info
WHAT IS AN OPERATOR ?

It is a person who processes personal information for a responsible party in terms of a contract or mandate, but does not come under the direct authority or control of the responsible party, typically a service provider.

Responsible parties determine the purpose for processing information, what information is processed, for how long and how it is processed. Where an operator is involved, the responsible party will still determine the purpose for processing etc, but will outsource the processing of the information to the operator. The responsible party therefore still makes all decisions in relation to the information and the operator acts in accordance with these decisions and on the instructions from the responsible party. The responsible party remains ultimately accountable for ensuring that POPIA is complied with by both itself and all operators providing services to the responsible party. The outsourcing or sub-contracting of any processing activities to operators does not absolve the responsible party from liability towards the person whose information is being processed. If the operator contravenes POPIA, the responsible party may still be held liable by the Information Regulator.

understanding the legal framework.

The 8 Information Processing Principals: The Core of POPIA

ACCURACY

The responsible party has a duty to ensure that the POPIA information processing conditions are complied with at the time of determining the purpose and means of processing as well as during the actual processing.

PROCESSING LIMITATION

Processing, including collection must be lawful and in accordance with POPIA requirements. Personal information may only be processed in a way that is adequate, relevant and not excessive - considering purpose of processing.

PURPOSE SPECIFIC

A responsible party must collect personal information for a specified purpose and must communicate the purpose to the person whose information is collected. It may only be retained for as long as necessary, considering the purpose.

FURTHER PROCESSING LIMITATIONS

All use of personal information after collection, must be compatible with the purpose for which it was originally collected.

INFORMATION QUALITY

The responsible party has a duty to take reasonable steps to keep information records updated.

OPENNESS

A data subject must know for which purposes personal information is being collected and used. Certain prescribed information must be provided to the data subject.

ACCURACY

The responsible party has a duty to ensure that the POPIA information processing conditions are complied with at the time of determining the purpose and means of processing as wellas during the actual processing.

SECURITY SAFEGUARDS

The responsible party must secure the integrity of personal information in its possession or under its control by taking prescribed measures to prevent loss of, damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information.

DATA SUBJECT PARTICIPATION

A data subject has the right to request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject and request from a responsible party the record or a description of the personal information held, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.

Be in the know

What are the Key Obligations of a Company Under POPIA?

key obligations
info
ACCURACY
Ensure you keep up-to-date.
info
ACCESS
A data subject must be given access to their information if requested.
info
SECURITY
Ensure measures are put in place to keep the data secure.
info
PURPOSE
Only use the data for the purpose it was collected for.
info
RETENTION
Only store the data for the time required, considering the purpose for which it was collected.
info
LAWFUL USE
Ensure measures are put in place to keep the data secure.