COMPLYING WITH THE REQUIREMENTS FOR THE PROTECTION OF PERSONAL INFORMATION
Privacy is the constitutional right of everyone in South Africa and is entrenched in the “Bill Of Rights”. The POPI Act gives effect to this constitutional right of privacy by requiring safeguards for personal information processed by public and private bodies. Non-compliance may have serious consequences.
This 1 day course provides delegates with an overview of POPI and the significant obligations placed on those business leaders identified as the “responsible parties” and “information officers”. All public and private bodies will be affected by the requirements of this legislation. Various technical and organisational arrangements will be necessary.
Accountability for something as important as privacy protection and the protection of the organisation’s reputation rightly belongs with the Council and executive managers. Many functions (e.g. Legal, Operations, Information Systems, Public Affairs, Marketing) will need to bring their practices into line to ensure that the organisation’s response is consistent and serves the organisation’s enterprise-wide goals and strategies.
The collection of personal information must be for a specifically defined, lawful purpose related to a function of the responsible party. The processing of data must be for a legitimate purpose. Data subjects must be aware of the collection of the data. Adequate business controls are required to maintain data integrity and information security must meet international standards. data must be retained only for as long as necessary and then it must be destroyed.
Participants will obtain an overview of POPI and its implications for their organisations. On completion of this seminar, participants will be able to:
- Articulate the requirements of the Protection of the POPI Act
- Demonstrate an understanding of the conditions for the lawful processing of personal information
- Identify the technical and organisational measurements necessary for protecting personal information
- Describe the various roles and the responsibilities of the personnel who should be concerned about the protection of personal information
- Identify the effort required to meet the requirements of the POPI Act and the conditions for lawful processing and personal information contained therein.
Participants will learn through discussion and practical examples how to address the organisational, procedural, technical, and legal requirements for the POPI.
This seminar includes topics about:
- Overview of the legislation for the Protection of Personal Information
- The duties of the Responsible Party and Information Officer
- Summary of the eight conditions for the lawful processing of personal information
- Working with the Regulator
- Communicating with data subjects
- The eight conditions for the lawful processing of personal information
- How to differentiate between personal and other data
- How to update the PAIA manual and what records to keep about the processing of personal information
- Identifying and mitigating privacy related tasks
- Organisational and technical arrangements necessary for the protection of personal information
- Controlling the activities of service providers and operators
- Trans-border exchanges of personal data
- Building organisational capability to manage privacy
- Challenges from the collection, profiling, cross-marketing, unstructured data, third party processing and secondary use of personal information.