Why do you need a POPIA Compliance Management Framework Toolkit?
POPIA requires organisations to implement “appropriate technical and organisational measures” to secure the personal information they process. … This can best be achieved via a Privacy Compliance Management Framework: a formal structure for managing the security of personal information.
Paragraph 4(1)(a) of the Regulations in terms of POPIA stipulates that an information officer must ensure that a compliance framework is developed, implemented, monitored and maintained.
In terms of section 109 of POPIA the Regulator can fine your company up to R10 million. When determining an appropriate fine, the Regulator must consider certain factors, including any failure to operate good policies, procedures and practices to protect personal information.
Our POPIA Compliance Management Framework Toolkit can help your organisation meet the requirements of POPIA and these regulations quickly and effectively.
Is the toolkit suitable for my business?
Our Toolkit is suitable for the following sectors:
- Community, Special and Personal Services (including healthcare, legal and accounting practices and NPO’s)
- Finance and Business Services
- Transport Storage and Communications
- Construction
- Agriculture
- Retail and Motor Trade and Repair Services
- Mining and Quarrying
- Manufacturing
- Electricity, Gas and Water
- Wholesale Trade, Commercial Agents and Allied Services
- Catering, Accommodation and other Trade
What is included with my toolkit?
- 74+ template documents – including policies, procedures, forms, checklists, presentations, posters and other useful resources.
- 2 months of email support
- A 12-month subscription to our toolkit update service.
- One toolkit licence per company for unlimited users within the business.
- Management Categories
Our POPI Compliance Management Framework consists of 14 Privacy Management Categories.
Category _: Compliance Statement
Category 0: Document / Record Management
Category 1: POPIA Preparation Project
Category 2: Governance & Leadership Structure
Category 3: Training and Awareness Program
Category 4: Personal Information Inventory
Category 5: Personal Information Security Policies & Procedures
Category 6: Data Subject Rights
Category 7: Electronic Communication & Transaction
Category 8: Third Party / Operator Compliance
Category 9: Direct Marketing
Category 10: Security Incident Procedures
Category 11: Website Compliance
Category 12: Legislation, Regulations and Ethical Guidelines
Category 13: Guidelines & Checklists
- Technical and Organisational Measures (Activities)
Each category has certain Technical and Organisational Measures (activities) which produce documentation (forms, policies, SOPs, guidelines, training presentations, posters, etc.) that will help demonstrate ongoing compliance with your POPI compliance obligations (some activities may not apply to your organisation). There are a total of 74 activities (depending on the industry your organisation operates in). See a sample of our 00.6_POPIA Implementation Plan.
POPIA COMPLIANCE MANAGEMENT FRAMEWORK

This is one of 12 categories of management planning.

POPIA Preparation Planning

Objective: Create a POPI Compliance Management Framework in terms of paragraph 4(1)(a) of the Regulations in terms of the POPI Act

NOTE: All categories and activities are approximations and will depend on the specifics of your project. If appointed and registered, the Information Officer may take the role of Project leader.

6 – Data Subject Rights

| Activity No | Activity | Template | Main POPIA Reference | Mandatory? |
|---|---|---|---|---|
| 06.1 | Create Procedure for Handling of Individual Rights | 06.1_Procedure for Handling of Individual Rights | POPIA: Section 5 & 109(3)(d); Regulations: Regulation 4(1)(d) | Mandatory |
| 06.2 | Create Consent for Processing of Personal Information | 06.2_Consent to Process Personal Information Policy | POPIA: Section 14(7); Regulations: Regulation 4(1)(d) | Mandatory |
| 06.3 | Create Forms and Procedure for Objection to the Processing of Personal Information | 06.3_Form 1 Objection to the Processing of Personal Information | POPIA: Section 11(3); Regulations: Regulation 2 | Mandatory |
| 06.4 | Create Forms and Procedure for Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information | 06.4_Form 2 Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information | POPIA: Section 24(1); Regulations: Regulation 3 | Mandatory |
| 06.5 | Create Forms and Procedure for Request for Access to Record of Private Body | 06.5_Form C Request for Access to Record of Private Body | PAIA: Section 51(1)(b)(iv) & 51(1)(e); Regulations: Regulation 10 | Mandatory |
| 06.6 | Create Data Subject Request Register | 06.6_Data Subject Request Register | POPIA: Section 14(7); Regulations: Regulation 4(1)(d) | Recommended |
| 06.6 | Create Forms & Procedures for Withdrawal of Consent | 06.7_Withdrawal of Consent | POPIA: Section 11(2)(b) | Recommended |

Additional Resources:

- 12.1.5_Checklist Data Subject Rights Forms & Procedures
- 12.2.5_Guideline Data Subject Rights