POPIA COMPLIANCE
Helping you navigate the legal landscape
POPIA is the Protection of Personal Information Act No. 4 of 2013. The purpose of the Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing personal information records.
POPIA, THE VIRTUAL AGENT & YOU
WHAT IS PERSONAL INFORMATION ?
It is information relating to an identifiable, living, natural person, and where it is applicable and identifiable, existing juristic persons.
WHAT IS PROCESSING ?
It is any operation or activity or any set of operations, whether or not by automatic means, including: Collection, Organising, Updating, Storing Dissemination, Modification & Destruction.
The POPI Act came into effect as of 1 July 2021. It has been published in the Government Gazette, with all parts of the Protection of Personal Information Act currently effective. With full compliance with the Act being absolutely essential, we are dedicated to ensuring 100% compliance both for our platform and for the agents who trust us to be their number one sales tool.
WHAT IS THE DIFFERENCE BETWEEN A RESPONSIBLE PARTY AND AN OPERATOR ?
Responsible parties determine the purpose for processing information, what information is processed, for how long and how it is processed. Where an operator is involved, the responsible party will still determine the purpose for processing etc, but will outsource the processing of the information to the operator. The responsible party therefore still makes all decisions in relation to the information and the operator acts in accordance with these decisions and on the instructions from the responsible party. The responsible party remains ultimately accountable for ensuring that POPIA is complied with by both itself and all operators providing services to the responsible party. The outsourcing or sub-contracting of any processing activities to operators does not absolve the responsible party from liability towards the person whose information is being processed. If the operator contravenes POPIA, the responsible party may still be held liable by the Information Regulator.
WHAT IS A RESPONSIBLE PARTY ?
It is the party who determines the purpose of and means for processing personal information. This decision may be made alone or in conjunction with another party.
WHAT IS AN OPERATOR ?
It is a person who processes personal information for a responsible party in terms of a contract or mandate, but does not come under the direct authority or control of the responsible party, typically a service provider.
UNDERSTANDING THE LEGAL FRAMEWORK.
THE 8 INFORMATION PROCESSING PRINCIPLES: THE CORE OF POPIA
ACCURACY
The responsible party has a duty to ensure that the POPIA information processing conditions are complied with at the time of determining the purpose and means of processing as well as during the actual processing.
PROCESSING LIMITATION
Processing, including collection must be lawful and in accordance with POPIA requirements. Personal information may only be processed in a way that is adequate, relevant and not excessive - considering purpose of processing.
PURPOSE SPECIFIC
A responsible party must collect personal information for a specified purpose and must communicate the purpose to the person whose information is collected. It may only be retained for as long as necessary, considering the purpose.
FURTHER PROCESSING LIMITATIONS
All use of personal information after collection, must be compatible with the purpose for which it was originally collected.
INFORMATION QUALITY
The responsible party has a duty to take reasonable steps to keep information records updated.
OPENNESS
A data subject must know for which purposes personal information is being collected and used. Certain prescribed information must be provided to the data subject.
ACCURACY
The responsible party has a duty to ensure that the POPIA information processing conditions are complied with at the time of determining the purpose and means of processing as wellas during the actual processing.
SECURITY SAFEGUARDS
The responsible party must secure the integrity of personal information in its possession or under its control by taking prescribed measures to prevent loss of, damage to or unauthorised destruction of personal information and unlawful access to or processing of personal information.
DATA SUBJECT PARTICIPATION
A data subject has the right to request a responsible party to confirm, free of charge, whether or not the responsible party holds personal information about the data subject and request from a responsible party the record or a description of the personal information held, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information.
BE IN THE KNOW
WHAT ARE THE KEY OBLIGATIONS OF A COMPANY UNDER POPIA?
ACCURACY
ACCESS
SECURITY
PURPOSE
RETENTION
LAWFUL USE
TRY THE VIRTUAL AGENT FOR FREE
Physical Address
Mayfair on the lake,
5 Park Lane,
Umhlanga Ridge, 4319
South Africa