Why do you need a POPIA Compliance Management Framework Toolkit?

POPIA requires organisations to implement “appropriate technical and organisational measures” to secure the personal information they process. … This can best be achieved via a Privacy Compliance Management Framework: a formal structure for managing the security of personal information.

Paragraph 4(1)(a) of the Regulations in terms of POPIA stipulates that an information officer must ensure that a compliance framework is developed, implemented, monitored and maintained.

In terms of section 109 of POPIA the Regulator can fine your company up to R 10 million. When determining an appropriate fine, the Regulator must consider certain factors, including any failure to operate good policies, procedures and practices to protect personal information.

Our POPIA Compliance Management Framework Toolkit can help your organisation meet the requirements of POPIA and these regulations quickly and effectively.

Is the toolkit suitable for my business?

Our Toolkit is suitable for the following sectors:

  • Community, Special and Personal Services (including healthcare, legal and accounting practices and NPO’s)
  • Finance and Business Services
  • Transport Storage and Communications
  • Construction
  • Agriculture
  • Retail and Motor Trade and Repair Services
  • Mining and Quarrying
  • Manufacturing
  • Electricity, Gas and Water
  • Wholesale Trade, Commercial Agents and Allied Services
  • Catering, Accommodation and other Trade

What is included with my toolkit?

  • 74+ template documents – including policies, procedures, forms, checklists, presentations, posters and other useful resources.
  • 2 months of email support
  • A 12-month subscription to our toolkit update service.
  • One toolkit licence per company for unlimited users within the business.
  1. Management Categories

Our POPI Compliance Management Framework consists of 14 Privacy Management Categories (numbered 0 to 13), preceded by a Compliance Statement:

Category _:        Compliance Statement

Category 0:        Document / Record Management

Category 1:        POPIA Preparation Project

Category 2:        Governance & Leadership Structure

Category 3:        Training and Awareness Program

Category 4:        Personal Information Inventory

Category 5:        Personal Information Security Policies & Procedures

Category 6:        Data Subject Rights

Category 7:        Electronic Communication & Transaction

Category 8:        Third Party / Operator Compliance

Category 9:        Direct Marketing

Category 10:      Security Incident Procedures

Category 11:      Website Compliance

Category 12:      Legislation, Regulations and Ethical Guidelines

Category 13:      Guidelines & Checklists

  2. Technical and Organisational Measures (Activities)

Each category has a number of Technical and Organisational Measures (activities), each of which produces documentation (forms, policies, SOPs, guidelines, training presentations, posters, etc.) that helps demonstrate ongoing compliance with your POPIA obligations. Some activities may not apply to your organisation: there are 74 activities in total, and which ones apply depends on the industry your organisation operates in. See the sample extract from our 00.6_POPIA Implementation Plan below.

POPIA COMPLIANCE MANAGEMENT FRAMEWORK

Sample extract from the 00.6_POPIA Implementation Plan:

This is one of 12 categories of management planning.
POPIA Preparation Planning
Objective: Create a POPI Compliance Management Framework in terms of paragraph 4(1)(a) of the Regulations in terms of the POPI Act.
NOTE: All categories and activities are approximations and will depend on the specifics of your project. If appointed and registered, the Information Officer may take the role of project leader.

Category 6 – Data Subject Rights

Columns: Activity No / Activity / Template / Main Reference (POPIA or PAIA section; POPIA Regulation) / Mandatory?

06.1  Create Procedure for Handling of Individual Rights
      Template:   06.1_Procedure for Handling of Individual Rights
      Reference:  POPIA Section 5 & 109(3)(d); Regulation 4(1)(d)
      Mandatory

06.2  Create Consent for Processing of Personal Information
      Template:   06.2_Consent to Process Personal Information Policy
      Reference:  POPIA Section 14(7); Regulation 4(1)(d)
      Mandatory

06.3  Create Forms and Procedure for Objection to the Processing of Personal Information
      Template:   06.3_Form 1 Objection to the Processing of Personal Information
      Reference:  POPIA Section 11(3); Regulation 2
      Mandatory

06.4  Create Forms and Procedure for Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information
      Template:   06.4_Form 2 Request for Correction or Deletion of Personal Information or Destroying or Deletion of Record of Personal Information
      Reference:  POPIA Section 24(1); Regulation 3
      Mandatory

06.5  Create Forms and Procedure for Request for Access to Record of Private Body
      Template:   06.5_Form C Request for Access to Record of Private Body
      Reference:  PAIA Section 51(1)(b)(iv) & 51(1)(e); Regulation 10
      Mandatory

06.6  Create Data Subject Request Register
      Template:   06.6_Data Subject Request Register
      Reference:  POPIA Section 14(7); Regulation 4(1)(d)
      Recommended

06.7  Create Forms & Procedures for Withdrawal of Consent
      Template:   06.7_Withdrawal of Consent
      Reference:  POPIA Section 11(2)(b)
      Recommended

Additional Resources:
12.1.5_Checklist Data Subject Rights Forms & Procedures
12.2.5_Guideline Data Subject Rights

What is the cost of the toolkit?

Simply click “Buy now” to start the process. Once you have completed your order, we will send you an invoice with payment instructions. On receiving proof of payment, we will send a link for download from Dropbox. Please ensure you use a valid email address, as we will use this to supply your product updates.

R 3,400.00 (15% VAT inclusive)

R 5,500.00 (15% VAT inclusive) – we help with implementation