Protection of Personal Information Act (POPI)
  • POPI Act was published in the Government Gazette on 26 November 2013.
  • Chairperson of the Information Regulator was appointed with effect from 1 December 2016.
  • Draft regulations published for public comment on 8 September 2017.
  • Closing date for public comments was 7 November 2017.
  • Submission for tabling of draft regulations to Parliament February / March 2018.
  • Anticipated date of publication of final regulations is first week of April 2018
  • POPI. What’s new? We will update this page monthly to highlight and link to what’s new in our Guide to POPI. Click here.

Price Options

POPI DOCUMENTATION TOOLKIT

Our toolkit ensures you’ll become compliant with the Protection of Personal Information Act (POPI) with minimal investment.

The toolkit combines documentation templates and guidelines that demonstrate how to handle personal information through a step-by-step process. In addition, you can access help from our expert knowledge to keep you on the right path, ensuring a clear way to POPI implementation.

If yours is a small or a mid-sized company, and you need a straightforward way to comply with POPI with the minimum amount of documentation, then this is the perfect toolkit.

Compliance is not a choice and time is short
  • POPI compliance is not just a matter of ticking a few boxes.
  • The Act demands that you be able to demonstrate compliance with the Conditions for the Lawful Processing of Personal Information.
  • This involves taking a risk-based approach to data protection to ensure appropriate policies and procedures are in place to –
    • deal with the transparency, accountability and individuals’ rights provisions,
    • as well as building a workplace culture of data privacy and security.
  • With the appropriate Information Compliance Management Framework in place, you will be able to –
    • avoid significant fines and reputational damage,
    • show customers that you are trustworthy and responsible, and
    • derive added value from the data you hold.
The Business Benefits of POPI
  • Build customer trust
  • Improve brand image and reputation
  • Be legally compliant
  • Improve data governance
  • Improve information security
  • Improve competitive advantage
Guide to Information Security for the Health Care Sector

Definition of POPI

“POPI governs the way personal information is collected, stored, used, disseminated and deleted. Personal information has a wide meaning. POPI protects personal information of data subjects by imposing minimum standards for its lawful processing and includes information which identifies and relates to living individuals and existing corporates (for example, contact details and correspondence of a confidential nature).”

Who is the Information Officer?

  •  POPI designates the head of the business as the Information Officer (IO).
  • The IO can delegate responsibilities to any other duly authorised person.
  • The owner remains ultimately responsible.
  • The IO must appoint (in writing) as many Deputy Information Officers as necessary.
Key Elements of POPI

POPI applies to:

  • POPI applies to personal information.
  • One of the new ambitions that POPI promotes is to give living persons, the “data subjects”, an increased level of control over their information.
  • It also aims to improve the environment by ensuring that Responsible Parties and Operators process information safely through promoting behavioural change.
  • POPI provides for enhanced supervision by increasing the powers of the Information Regulator.

 

 Personal Information

  • This is any information that can directly or indirectly identify a natural person, and can be in any format.
  • Personal Information includes name, address, email address, photo, IP address, telephone number, location information, the biometric information of the person, etc.

 

 Special Personal Information

  • The Act places much stronger controls on the processing of special categories of personal information.
  • Special Personal Information includes religious or philosophical beliefs, race or ethnic origin, trade union membership, political opinions, health, DNA, sexual life or criminal behaviour of a data subject.
  • Look here for a full description of the term personal information.

 

 POPI strengthens the privacy rights of individuals

Valid Consent

Stricter rules apply to obtaining consent as a legal basis for processing. Personal information can only be processed with the consent of the “data subject”. Consent must be for a ‘specific, explicitly defined and lawful purpose’.

Transparency

Everyone has the right to be informed if someone is collecting their personal information, or if their personal information has been accessed by an unauthorized person.

Correction

Everyone has the right of access to their personal information, to require that personal information be corrected or destroyed, and to object to their personal information being processed.

Directly

You have to collect personal information directly from the “data subject”, unless obtaining the information directly from the subject would prejudice a lawful purpose or is not reasonably possible.

Awareness

When information is being collected, data subjects must be made aware of all the elements mentioned in section 18, including the purpose of the collection of information.

Retention

Everyone has the right of access to their personal information, to require that personal information be corrected or destroyed, and to object to their personal information being processed.

Learn more about:

  • Our 3 options to help you get POPI ready and compliant – click here
  • Our 9 step process to become POPI compliant – this is part of our GO PIXEL’S POPI DOCUMENTATION TOOLKIT project plan. Email us
  • The difference between the “Responsible Person” and an “Operator” – click here
  • Third parties having access to personal information in your company – click here

The costs of non compliance

How we can help you get POPI ready and compliant

Recommendation 1: Documentation Toolkit

Buy our Module 5 – Practice Management Reference Guide 2018 (Privacy Management Program in the Healthcare Practice), as a downloadable file (a link to the website of ASAIPA) supported by a CD, and implement your own compliance program. Price: from R 2,550.00 (ASAIPA Members R 950.00).

This option is best for those who want to do it themselves alone, at their own pace and keep the cost of compliance as low as possible. There are no recurring fees. You can always start here and then move to one of the other options at a later stage if necessary.

Suitable for:

  • small organisations whose primary business activity is not the processing of personal information,
  • large organisations with a compliance function with the necessary skills, knowledge and capacity

 

Interested?

Full details here. If you are interested, please Order here or send us an email. We will contact you to find out more about your requirements and give you a quote.

Look here for an example of the documents, forms and guidelines in our Privacy Management Program.

Recommendation #2: Seminar plus Documentation Toolkit

Send one or more staff members to our upcoming seminars in various towns throughout South Africa at a 20% discount and receive Module 5 as part of the seminar package. The seminars will be:

 

Seminar 1: Practice Administration Seminar: Privacy & Information Security Awareness in the Healthcare Practice

– All staff members.
– Objective is to meet the requirements of section 17(1) of the National Health Act and prevention of liability to a fine or imprisonment on a conviction in terms of section 17(2): “(1) The person in charge of a health establishment in possession of a user’s health records must set up control measures to prevent unauthorized access to those records and to the storage facility in which, or system by which, records are kept.”

Seminar price: R 850.00 Price for ASAIPA Members: R 680.00

Full details here

 

Seminar 2: Practice Administration Seminar: Making Sense of the PAIA and POPI Acts in the Healthcare Practice

– All staff members
– Objective is to understand and meet the requirements of the POPI and PAIA Acts.

Seminar price: R 2,250.00 Price for ASAIPA Members: R 1,680.00

Full details here

 

Interested?

If you are interested, please Order here or send us an email. We will contact you to find out more about your requirements and give you a quote.

Look here at the details of our seminars:

Seminar 1: Privacy & Information Security Awareness in the Healthcare Practice

Seminar 3: Making Sense of the PAIA and POPI Acts in the Healthcare Practice

Recommendation #3: In-House

In-house training and consultancy with the practice owner. Minimum of 6 people per day to make it cost effective (training is for 3,5 hours at a fixed tariff – R 6,500.00 plus transport and accommodation, if applicable). Manual and documentation kit included. The advantages are:

  •  Dates are set to suit the practice and presenter’s availability.
  • Training is focused on practice’s specific requirements and needs
  •  Industry specific examples and case studies
  •  Solutions to your own practical problems can be discussed
  • Cost savings as a result of discounted rate
  • Enhances team dynamics

 

Interested?

If you are interested, please Order here or send us an email. We will contact you to find out more about your requirements and give you a quote.

Why In-House Training?

  • In-House training is often a more cost effective solution when training a number of staff for the same training requirement.
  • Your training needs can be customised and aligned with your organisation’s culture, work procedures and strategic vision.
  • Training can run where, when and how you want it.

Recommendation 4: We do it for you

We can do all that is necessary to get you compliant for POPI. This option complements the other two options. This is for organisations who want to outsource the function of Information Officer. This is for small, medium or large sized healthcare practices. Through the program, we help many organisations who have a similar compliance requirement at the same time. There is an option of a fixed monthly fee.

If you’re interested, read more about what we can do for you and we can quote you a fixed price (on an as-and-when-needed basis) or agree a retainer. See here

 

Interested?

If you are interested, please send us an email. We will contact you to find out more about your requirements and give you a quote.