Protection of Personal Information Act No. 4 of 2013
Some words of wisdom
You can’t lose what you don’t have – keep as little PI and SPI as possible!
Start thinking in terms of privacy in your daily life.
Try to protect the environment by minimising printing and doing as much as you can digitally.
What is the Protection of Personal Information Act (“POPIA” or “POPI Act”)?
www.gov.za says that it aims:
- To promote the protection of personal information processed by public and private bodies.
- To introduce certain conditions to establish minimum requirements for the processing of personal information.
- To provide for the establishment of an Information Regulator to exercise certain powers and to perform certain duties and functions in terms of this Act and the Promotion of Access to Information Act, 2000.
- To provide for the issuing of codes of conduct.
- To provide for the rights of persons regarding unsolicited electronic communications and automated decision-making.
- To regulate the flow of personal information across the borders of the Republic.
- To provide for matters connected therewith.
A Word on Personal Information and Special Personal Information
Personal Information (“PI”) is any and all data you keep on any person or organisation. These people and organisations are called Data Subjects.
Special Personal Information (“SPI”) is any unique identifiers you keep on any person or organisation. For example, identity numbers, company/NPO registration numbers, ethnicity, religious beliefs, and more.
There is a lot more to understand about PI and SPI – it’s all in the POPIA Knowledge and Understanding Article.
Follow These Steps to POPIA Compliance
Step 1: Understand the POPI Act
We analysed the POPI Act chapter-by-chapter, section-by-section, part-by-part, even condition-by-condition, and compiled an article that explains it in easier English and in terms of an educational establishment.
Read the Knowledge and Understanding of the POPI Act and the Knowledge and Understanding of the PAIA Act articles as many times as you need to until you understand them well.
Click through to get the POPIA article
Step 2: Appoint a POPIA Team
Use for Section 1 (“POPIA Team”) in your POPIA File
- Read the Guidance Note for Registering Information Officers and Deputies (“IO”).
- Register your IO on the Information Regulator Portal (recommended), otherwise complete and submit the Application to Register an IO and Deputies manually.
- Appoint a POPIA Operator and Sub-Operators.
- Your POPIA team needs Job Descriptions and Letters of Appointment.
Get the Job Descriptions and Appointment Letters
Step 3: Analysis and Planning
Use for Section 2 (“Preparation and Planning”) in your POPIA File
- Complete a Gap Analysis to understand exactly where your organisation stands with POPIA compliance.
- From the results of your Gap Analysis, compile a POPIA Implementation Project Plan.
- Complete a Data Touchpoint spreadsheet – it’s the easiest way to get a clear understanding of the information you keep and why. Thank you to Lauren Kyte of Future Steps for applying her clever mind and creating this spreadsheet for us.
Step 4: Children and Employees
Use for Section 6 (“IR Authorisations and Data Subjects Rights”) in your POPIA File
For Employees: In terms of Section 27, if the data subject gives permission to process their SPI, then you do not need to apply for permission. If for any reason it is not possible to obtain permission from the employee, then:
- Read the Guidance Note on Processing Special Personal Information.
- Submit an Application to Process Special Personal Information.
For Children: Even though you’ll obtain permission from the children’s parents/guardians, the Information Regulator is protecting the children and you should still apply for permission to process children’s information.
- Download and read the Guidance Note on the Processing of Children’s Information.
- Complete and submit an Application to Process Children’s Personal Information.
- The Application asks if you’re going to be sending children’s PI outside of South Africa. If yes:
  - Download and read the Guidance Note on Prior Authorisation.
  - Complete and submit an Application for Prior Authorisation.
  - The deadline for Prior Authorisation is 1 February 2022.
There is a special Guidance Note on the Processing of COVID-19 Information. In this case, and this case only, you do not have to obtain permission from the Data Subjects.
Step 5: PAIA Manual
Use for Section 3 (“Promotion of Access to Information”) in your POPIA File
- The POPI Act says that you need a PAIA Manual. If you have a website then load the PDF of your PAIA Manual there. Also keep a hard copy on your premises.
- Attach Form C – PAIA Request for access to information to your website and have a copy of it in the office.
- Promotion of Access to Information Act No. 2 of 2000.
Members can get the PAIA Manual template here
Step 6: Policy and Procedures
Use for Section 4 (“In-house Privacy Policy”) in your POPIA File
- The POPI Act says that we must implement an in-house Privacy Policy.
- The Privacy Policy must detail a POPIA-specific complaints procedure. All actions taken to resolve the complaint must be recorded on a Complaints Register, from the beginning until the resolved complaint is signed off.
Members can get the Privacy Policy and complaints templates here
Step 7: Data Subject’s Rights
Use for Section 6 (“IR Authorisations and Data Subjects Rights”) in your POPIA File
- Download and edit a Letter to the Data Subjects making them aware of their rights and responsibilities and requesting permission to process their information. All your data subjects need to get a copy of this letter, for example:
  - Consumers (parents and children), and
    - Make sure that your Admissions Agreement clearly states that consent to process is voluntary.
  - Employees, and
    - Make sure that your Employment Agreement clearly states that consent to process is voluntary.
  - Third Parties (e.g. extra-mural service providers).
- Use a Consent Letter Register to record when consent letters were sent out and when the signed copies were received back.
- Data Subjects may request their information to be updated or deleted. You can use these registers to keep a record of the requests.
- POPIA Website Disclaimer – This disclaimer is necessary on your website.
- Make the following forms available to Data Subjects by keeping a hard copy on your premises and/or uploading them to your website:
  - Form 1 – Objection to The Processing of Personal Information in terms of Section 11(3)
  - Form 2 – Request for Correction, Deletion or Destruction of Personal Information Record in terms of Section 24(1)
  - Form 5 – Complaint of Interference with POPIA or Complaint Regarding Determination of An Adjudicator in terms of Section 7
  - Form 11 – Request for an Assessment Section 89(1)
  - Form C – PAIA Request for access to information
Storing Consent Letters from Data Subjects: Your POPIA file may get very big if you use it to store the returned permission letters. Perhaps consider storing them digitally or on paper in a separate file.
Members can get their Consent Letters and Registers here
Step 8: Document Management
Use for Section 7 (“Document Management”) in your POPIA File
An important aspect of the POPI Act is:
- What records do you keep?
- Why do you keep them?
- Where are they stored?
- When will they be deleted?
It is possible to use registers to record this information and to assist with making sure that information and documents are deleted timeously (and not kept for too long). Types of document registers are:
- A Document Register in which you record all your documents and when they will be destroyed.
- A Document Change Register in which you record any changes to documents, e.g., an agreement update, a change on a form, or to a policy, etc.
- A Document Destruction Register in which you record when documents are due to be destroyed, and when it has been done.
- To help you establish the length of time a document must be stored, use this Document Retention List (available to everybody).
When managing your documents by using registers, please pay close attention to details as there is room for error. Software is available for this purpose and if you decide to buy it, try and get software that has been developed in South Africa and is aligned with our own POPI Act.
Members can get their document registers here
Step 9: Your POPIA File
Section 1: POPIA Team – Refer to Step 2 above
- Part 1.1 – Information Officer
  - Official Registration Certificate
  - Copy of IO Job Description
  - Copy of IO Letter of Appointment
- Part 1.2 – Operator and Sub-operators
  - Copy of Operator Job Description
  - Copy of Operator Letter of Appointment and Agreement
Section 2: Preparation and Planning – Refer to Step 3 above
- Part 2.1 – Gap Analysis
- Part 2.2 – POPIA and PAIA Project Plan
- Part 2.3 – Data Touchpoint Spreadsheet
Section 3: Promotion of Access to Information (PAIA) – Refer to Step 5 above
- Part 3.1 – The PAIA Manual
- Part 3.2 – Form C
Section 4: In-House Privacy Policy (POPIA, the GDPR and PAIA) – Refer to Step 6 above
- Part 4.1 – The Privacy Policy
Section 5: Complaints – Refer to Step 6 above
- Part 5.1 – POPIA Complaints Register
Section 6: IR Authorisations and Data Subject’s Rights – Refer to Step 4 and Step 7 above
- Part 6.1 – Information Regulator Authorisations
  - Permission to Process Children’s Information
  - Permission to Process Special Personal Information
  - Prior Authorisation (if necessary)
- Part 6.2 – Data Subject’s Rights
  - Data subject letters requesting permission to process
  - Data Subject Permission to Process Register
  - Data Subject Requests for Updates Register
  - Data Subject Requests for Deletions Register
- Part 6.3 – Website Disclaimer
Section 7 – Document Management – Refer to Step 8 above
- Part 7.1 – Document Register
- Part 7.2 – Document Change Register
- Part 7.3 – Document Destruction Register
- Part 7.3 – Document Retention List
Section 8 – Correspondence and Notices – Refer to Step 9 above
- Part 8.1 – Correspondence and Notices from the Information Regulator
Section 9: Guidance Notes and Forms
- Part 9.2 – For Data Subjects:
  - Form 1 – Objection to The Processing of Personal Information in terms of Section 11(3)
  - Form 2 – Request for Correction, Deletion or Destruction of Personal Information Record in terms of Section 24(1)
  - Form 5 – Complaint of Interference with POPIA or Complaint Regarding Determination of An Adjudicator in terms of Section 7
  - Form 11 – Request for an Assessment Section 89(1)
- Part 9.2 – For Information Officers:
  - Guidance Note on Registering Information Officers and Deputy Information Officers
  - Guidance Note on the Processing of Children’s Information and Application to Process Children’s Personal Information
  - Guidance Note on Processing Special Personal Information and Application to Process Special Personal Information
  - Guidance Note for Information Officers on the Processing of Personal Information in the COVID-19 Pandemic
  - Guidance Note on Prior Authorisations and Application for Prior Authorisation.
  - Form 3 – Application for the Issue of a Code of Conduct Section 61(1)(B).
  - Form 4 – Application for the Consent of a Data Subject for the Processing of Personal Information for the Purpose of Direct Marketing Section 69(2).
  - Form 5 – Complaint Regarding Interference with the POPIA / Complaint Regarding Determination of An Adjudicator Section 74.
  - Form 11 – Request for an Assessment Section 89(1).
  - Document Retention List.
  - Attach Form C – PAIA Request for access to information.
Buy the POPIA File Table of Contents here
Step 10: Welcome to POPIA Compliance!
Try to arrange for the legal representative that you usually work with to review your POPIA File.
Free POPI Act Downloads
IR Guidance Notes and Application Forms
- Employees (if it’s impossible to get consent from the employee):
- Children:
- Prior Authorisation:
- Guidance Note for Information Officers on the Processing of Personal Information in the COVID-19 Pandemic.
Official Information Officer Forms to be Made Available to Data Subjects
- Form 1 – Objection to The Processing of Personal Information in terms of Section 11(3)
- Form 2 – Request for Correction, Deletion or Destruction of Personal Information Record in terms of Section 24(1)
- Form 3 – Application for the Issue of a Code of Conduct
- Form 5 – Complaint of Interference with POPIA or Complaint Regarding Determination of An Adjudicator in terms of Section 7
- Form 11 – Request for an Assessment Section 89(1)
- Form C (PAIA Request for Access to Information)
- Document Retention List
Publications and Links
- Publications:
- Protection of Personal Information Act No. 4 of 2013 (POPI Act)
- Promotion of Access to Information Act No. 2 of 2000
- Links:
- Information Regulator Website
- Portal to register an Information Officer and Deputy Information Officer
- POPI Infographic
- Read the POPI blog
Official Information Regulator Forms to be Aware Of
- Form 6 – Notice of a Conciliation Meeting.
- Form 7 – Notice to Parties: Conciliation Regarding Interference with the POPIA Section 76.
- Form 8 – Notice of the Regulators Intent to Investigate a Complaint Section 79.
- Form 9 – Notice to Parties Settlement Meeting Regarding Interference with the POPIA of Section 76.
- Form 10 – Notice to Parties Settlement Regarding Interference with the POPIA Section 76.
- Form 12 – POPIA Form 12 Notification of the Assessment of the Regulations Relating POPI Section 89.
- Form 13 – Notice to Parties Not to Issue an Enforcement Notice Section 94.
- Form 14 – Referral to Enforcement Committee Section 92.
- Form 15 – Enforcement Notice Section 95.
- Form 16 – Cancellation or Variation of Enforcement Notice Section 96.
- Form 17 – Notice of Appeal Section 97 of POPIA.
- Form 18 – Substitution for Setting Aside of Enforcement Notice.
- Form 19 – Notice of Dismissal of Appeal Section 98.
Gain free access to all Tools for Schools documents
Purchase a full subscription and get free access to hundreds of editable Word and Excel templates to manage your Early Childhood Development Centre.
Otherwise, buy Individual POPI Act Templates
Click on the templates below to buy them. Perhaps consider purchasing a 12-month subscription (for R1280 once-off) as it is by far the most cost-effective way to do it.
- Annual Personal Information Update Form – Parents: R20.00
- Data Subject Letter of Rights and Permissions for Employees: R30.00
- Data Subject Letter of Rights and Permissions for Third Parties: R30.00
- Data Subject Permission and Rights Letter for Consumers: R30.00
- Exit Interview Questions: R20.00
- Job Description POPIA Information Officer: R50.00
- Job Description POPIA Operator: R50.00
- Letter of Appointment for the POPIA Information Officer: R30.00
- Official Forms: R0.00
- PAIA Awareness and Understanding Article: R50.00
- POPIA Agreement and Letter of Appointment for the Operator: R50.00
- POPIA Awareness and Understanding Article: R100.00
- POPIA Complaints Register: R20.00
- POPIA Data Subject Consent to Process Register: R20.00
- POPIA Data Subject Request to Delete Information Register: R20.00
- POPIA Data Subject Request to Update Information: R20.00
- POPIA Data Touch Point Spreadsheet: R0.00
- POPIA Document Destruction Register: R20.00
- POPIA Document Register: R20.00
- POPIA Document Retention List: R50.00
- POPIA Gap Analysis: R50.00
- POPIA Project Plan: R50.00
- POPIA Website Disclaimer: R30.00
- Privacy Policy: R300.00