POPIA Compliance update: Resources and options
The ‘D’ day for POPIA compliance has come and gone. Some of us have it all sussed and sorted, some had good intentions but have been diverted by other dramas, and some are still wondering whether they need to engage with POPIA (for the last lot, yes you do!)
The good news is that the Information Regulator’s office seems to be as stuck as its website still is, with the Information Officer registration portal still not accessible due to technical difficulties. Our suspicion is that the technical difficulties were caused by a deluge of registration attempts on 1 July. The bad news is the same as the good news, really – with nothing so far coming out of the Information Regulator (other than the 13 July warning that photos of the ex-President taken by Correctional Service members have been published in breach of JZ’s rights to protection of his personal information) we do not have much to go on, in terms of further guidance for implementation.
The market is flooded with people selling POPIA compliance packages and services, and there is no shortage of choices out there. We have seen that there are four main components of compliance which need dealing with:
Websites and other public documents need to be aligned and tweaked to demonstrate that your organisation has thought through the POPIA and related requirements and is taking steps to comply with them;
Internal policies, systems and processes
This is about adjusting the ways you work and communicate to take POPIA compliance into account. HR consultants and labour lawyers are typically providing sound advice and useful documents to deal with this aspect
Here you need the expertise of people with IT skills, to assess your current systems, storage, protocols and to change or build them for improved security (note that the weakest point for security is often people, which leads us to the next topic…)
Implementing training and awareness programs inside the organisation is part of POPIA compliance. Once again, there are many who are offering this service. For online training, Michalsons has developed a non-profit ‘lens’ through which their size-tailored training package can be viewed. Depending on how fast you work through the material provided (they charge a monthly fee for however long it takes you) it can be a reasonably priced option, and they do offer discounts on their published price to non-profits on request. See their costings here.