- It is important to understand what PoPi is about. A quick and easy way, is to go through the Free PoPi Training for Small Businesses presented by Mr Peter Carruthers. The website address is: April 2021 - Peter Carruthers – I would recommend that all your staff completes this training.
- Now that you have a better understanding, you need to either register yourself as the Information Officer (company owner) or appoint a responsible and accountable staff member in your small business. The registration is done online via The Information Regulator South Africa: Portal | InfoRegSA (justice.gov.za) - this process takes less than 3 minutes, and you are issued with a registration certificate within a matter of seconds – this will also be emailed to you.
- Evaluate all data being processed in your organisation – this starts with reception, whereby individuals complete the Covid Register (don’t forget all the different areas of information being gathered, how this is captured (by whom, how, when), how is this stored?
- Now, ensure that all your policies and procedures are in place, staff are well aware of consequences in NOT complying – start implementation immediately (don’t wait).
- Monitor, Review and update your staff – remember this is a priority, and we all have to comply accordingly.
Key Points and Conditions are as follows:
- Accountability: assigning ownership in your organisation;
- Processing Limitation: processing information for lawful reasons and in a manner that does not infringe privacy;
- Purpose Specification: only obtaining and holding personal information for a specific purpose;
- Further Processing Limitation: Further processing of personal information must be compatible with the purpose for which it was collected;
- Information Quality: ensuring that information is complete and accurate;
- Openness: inform individuals that their information has been obtained and the purpose thereof;
- Security safeguards: the integrity of personal information must be secured using appropriate, reasonable, technical and organisational measures;
- Data Subject Participation: a data subject has the right to request access to their personal information that you hold; to request the information is deleted or corrected if appropriate.