The role of the Responsible Party

Residential Security Handbook 2021: Smart Estate Living Security Services & Risk Management

Stepping into the new year in the current socioeconomic climate is a challenge for organisations of any kind. There are a variety of new rules and regulations to follow. These rules and regulations are put into place to help protect businesses and individuals. In addition to complying with and managing COVID-19 regulations, organisations also need to ensure that they are complying with the regulations set out by the Protection of Personal Information Act (PoPIA).

To comply with the Act’s requirement that all businesses need to obtain consent for all data processed through the organisation, many businesses are assigning this work to so-called ‘Responsible Parties’. These parties are the accountable parties tasked with protecting personal and/or private data.

According to the Government Gazette, a Responsible Party refers to: A public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

Conditions of compliance

PoPIA outlines that, for the processing of personal information to be lawful, certain conditions must be met, and the processes and procedures must comply with several regulations. These regulations include elements such as: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation.

According to Carrie Peter, Solution Owner at Impression Signatures, “It is imperative that when organisations use or assign responsibilities to a Responsible Party, they ensure all regulations and specifications are complied with by this party. The Responsible Party is held accountable for ensuring that the conditions for lawful processing of personal data are met.”

Carrie Peter.

To support smaller businesses in ensuring compliance, Impression Signatures embarked on a PoPIA campaign that provides relevant information about the Act, free of charge. The campaign seeks to simplify and demystify the roles and responsibilities of the Act. With this approach, it hopes to support businesses that do not have large budgets available to employ compliance officers specifically for PoPIA purposes.

The Responsible Party works in conjunction with the operator and regulator. This collaboration ensures that all entities are working in cohesion to maintain and comply with the required regulations. The reason for the collection of the data set must be explicitly and clearly explained and outlined to the data subject, and must adhere to lawful processes.

“It is important to remember that this Act has been put into place to protect the rights of individuals and entities; to protect personal information. This means that, while an organisation and/or Responsible Party may have access and the required permission to use that data, the data primarily belongs to the data subject and is being ‘borrowed’ by the organisation. So, if the data subject requests access to or the deletion of this information, the organisation and/or Responsible Party must comply,” continues Peter.

Clear processes and procedures

To comply, the Responsible Party must keep a clear and definite record of processes and procedures. This record should be able to prove that the information was obtained with the consent and explicit knowledge of the data subject and that the data subject was informed of the intended use of the data. The Responsible Party must be able to prove that the data was used for its specified intent and that all legal and ethical regulations were adhered to.

The Responsible Party is not allowed to utilise this information outside of the parameters of its stipulated intent and may not disperse the information without explicitly stated consent from the data subject. The Responsible Party will need to ensure that effective safeguards are put into place to protect the information from being released and/or from being used outside of its consented intent. Proof and processes of these safeguards must be recorded in detail as evidence of compliance.

“There is a lot of weight placed onto the Responsible Party to ensure that all regulations are being adhered to. It is vital that those assigned with this role are aware and fully educated in the rules and regulations of this act,” concludes Peter. “To meet these standards, it is imperative that the Responsible Party not only follow the letter of the law, but that detailed records of these processes and procedures are kept and maintained.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Numerous challenges for transport and logistics
Transport (Industry) CCTV, Surveillance & Remote Monitoring Security Services & Risk Management Logistics (Industry)
Operators are making significant investments in automation and digitalisation in order to address security concerns, improve loss prevention as well as efficiency, and reduce unit order costs.

Defining the resilience of cybersecurity
Cyber Security Security Services & Risk Management
Cyber resilience is less buzzword and more critical business strategy as the cybercrime landscape grows in intent and intensity.

Technology and the future of security installation in South Africa
Editor's Choice Integrated Solutions Security Services & Risk Management
What are the technologies and trends shaping installation, service and maintenance teams globally, and how will they shape South African businesses today and in the future?

The technology wave implications for staff mismatches in control rooms
Leaderware Editor's Choice Security Services & Risk Management
An industry habit of looking at control rooms through a physical security lens has increasingly left clients and staff at a disadvantage in keeping up with control room technology and demands.

Streamlining processes, integrating operations
Security Services & Risk Management Integrated Solutions Transport (Industry) Logistics (Industry)
With Trackforce Valiant, Airbus now has one single platform that connects its security guards, supervisors and management across its organisation.

Smollan partners with FleetDomain
Logistics (Industry) Asset Management, EAS, RFID Security Services & Risk Management Transport (Industry)
Smollan has been using FleetDomain to manage its fleet of around 2000 vehicles in South Africa, enabling it to contain costs and manage its fleet much more effectively.

Smarter parking services
Security Services & Risk Management Transport (Industry) Logistics (Industry)
Smart technologies are changing the face of parking services and helping property owners realise their commercial objectives.

Adopting a cyber-secure mindset
Security Services & Risk Management Cyber Security
Adopting a cybersecure mindset is the key to mitigating the risk of falling victim to the growing cybercrime pandemic.

SAFPS warns against advance-fee scam
News Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) has warned consumers of an advance-fee scam where the perpetrator is falsely presenting themself as a representative of the SAFPS.

Fire prevention in your home or business?
Fidelity Services Group Fire & Safety Security Services & Risk Management
A recent fire at a nightclub in Boksburg has once again highlighted the importance of fire safety for both homes and businesses. When a fire breaks out, the consequences can be devastating.