How can we ensure that our business is complying with Popi
As a small business trying to scale, what can we do to ensure that our business is complying with Popi and protect the data we have access to?
Hi James,
In order to ensure that your company is POPI compliant, you will have to understand the 8 principles of POPI:
They are:
1: Accountability
The organisation must appoint a party (Information Officer) who will be responsible for ensuring that the information protection principles within POPIA and the controls that are in place to enforce them are complied with.
2: Processing Limitation
The second principle deals with the lawfulness of processing, minimality of information collected, consent, justification and objection, and the collection of personal information directly from the data subject.
3: Purpose Specification
The third principle provides that personal information must be collected for a specific purpose and the data subject from whom the personal information is collected must be made aware of the purpose for which the personal information was collected.
4: Further processing limitation
The fourth principle regulates the further processing of personal information. If a responsible party further processes personal information, such processing must be compatible with the purpose for which the information was collected in principle 3.
5: Information quality
The fifth principle provides that the responsible party must take reasonable steps to ensure that the personal information that has been collected is complete, accurate, not misleading and up to date. In so doing, the responsible party must take into consideration the purpose for which the personal information was collected.
6: Openness
The sixth principle provides that the responsible party must be open about the collection of personal information by notifying the Regulator if it is going to process personal information and, if personal information is going to be collected, the responsible party must take “reasonably practicable steps” to ensure that the data subject has been made aware that his or her personal information is going to be collected. The responsible party should, for example, take reasonable steps to make the data subject aware of its name and address, and the purpose for which the personal information is being collected.
7: Security Safeguards
The seventh principle provides that the responsible party must ensure that the integrity of the personal information in its control is secured through technical and organisational measures.
8: Data Subject Participation
The eighth principle provides that data subjects have the right to request that a responsible party confirm (free of charge) whether it holds personal information about the data subject, and he or she may also request a description of such information.
Some ways to keep your data safe:
1. Back up your data
Create a back-up copy of your data, and do this regularly. Store it somewhere other than your main workplace, if possible. That way, if there’s a break-in, fire or flood, you don’t lose everything.
2. Use strong passwords
Make sure you, your staff, volunteers, and anyone else involved in your operations use strong passwords – including on smartphones, laptops, tablets, email accounts and computers.
3. Take care when working remotely
Make sure the devices you use are as secure as the equipment you use in the office. Also be mindful of your surroundings. If you’re on a bus, for example, it’s relatively easy for other people to see your screen.