COMPLYING WITH THE LEGAL REQUIREMENTS FOR THE PROTECTION OF PERSONAL INFORMATION
The POPI Act requires all public and private bodies to ensure that how they use personal information is lawful, that there are systems in place for the protection of personal information, and that there are processes for handling requests from the Information Regulator and individuals (i.e. data subjects). Developing a POPI compliance framework is essential for these purposes.
The POPI Act has been finalised. All public and private bodies are required to record their processing of personal information in their PAIA Information Manual prior to actually processing it.
All public and private bodies are required to ensure that the processing of personal information is lawful and that personal information in their possession is always secure. Failure to do so could have serious consequences and may result in criminal proceedings and civil claims for damages.
The POPI Act specifies eight conditions for the lawful processing of personal information. Regardless of whether the organisation is a large corporate, government department, school or research organisation, it will have to ensure that the processing of personal information is lawful and all personal data in its possession is properly acquired, secured and destroyed when obsolete.
Participants will obtain an understanding of the statutory requirements for the processing of personal information. On completion of this 2-day seminar, participants will be able to:
- Demonstrate an understanding of the requirements of the POPI Act
- Communicate the key aspects of the POPI Act
- Articulate the activities necessary to address the legal requirements for the protection of personal information
- Clarify the roles and responsibilities of all parties required to be involved in the protection of personal information
- Prepare a POPI compliance framework
- Update the PAIA information manual
- Perform a privacy impact assessment
- Manage the privacy initiative in their organisation.
Participants will learn, through discussion and practical examples, how to prepare for and address the organisational, procedural, technical and legal requirements of the POPI Act.
This seminar includes topics about:
- The key components of the POPI Act
- Accountability for the processing of personal information
- Conditions for lawful processing of personal information
- Identifying personal information and the category of special personal information
- Processing that is subject to prior authorisations
- Trans-border exchanges of personal data
- Conducting a Privacy Impact Assessment
- Contracting with Operators and verifying compliance
- Building capability to manage Privacy
- Privacy by Design
- Managing information throughout its life-cycle
- The responsibilities of the CEO, the appointed “responsible parties” and appointed “information officer”
- Records to be maintained in the PAIA information manuals regarding the processing of personal information
- Handling requests for information and complaints from data subjects
- The role and responsibilities of the Information Officer
- The role of the Information Regulator
- Assessments undertaken by the Information Regulator
- Civil remedies, enforcement and criminal offences
- The information security requirements
- The need for records management and a legal register
- Maintaining the information quality of personal data
- Avoiding secondary use and unlawful processing
- Developing an Action Plan to address the requirements for the lawful processing of personal information.