The role of the Responsible Party

Residential Security Handbook 2021: SMART Estate Living Security Services & Risk Management

Stepping into the new year in the current socioeconomic climate is a challenge for organisations of any kind. There are a variety of new rules and regulations to follow. These rules and regulations are put into place to help protect businesses and individuals. In addition to complying with and managing COVID-19 regulations, organisations also need to ensure that they are complying with the regulations set out by the Protection of Personal Information Act (PoPIA).

To comply with the Act’s requirement that all businesses need to obtain consent for all data processed through the organisation, many businesses are assigning this work to so-called ‘Responsible Parties’. These parties are the accountable parties tasked with protecting personal and/or private data.

According to the Government Gazette, a Responsible Party refers to: A public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

Conditions of compliance

PoPIA outlines that, for the processing of personal information to be lawful, certain conditions must be met, and the processes and procedures must comply with several regulations. These regulations include elements such as: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation.

According to Carrie Peter, Solution Owner at Impression Signatures, “It is imperative that when organisations use or assign responsibilities to a Responsible Party, they ensure all regulations and specifications are complied with by this party. The Responsible Party is held accountable for ensuring that the conditions for lawful processing of personal data are met.”

Carrie Peter.

To support smaller businesses in ensuring compliance, Impression Signatures embarked on a PoPIA campaign that provides relevant information about the Act, free of charge. The campaign seeks to simplify and demystify the roles and responsibilities of the Act. With this approach, it hopes to support businesses that do not have large budgets available to employ compliance officers specifically for PoPIA purposes.

The Responsible Party works in conjunction with the operator and regulator. This collaboration ensures that all entities are working in cohesion to maintain and comply with the required regulations. The reason for the collection of the data set must be explicitly and clearly explained and outlined to the data subject, and must adhere to lawful processes.

“It is important to remember that this Act has been put into place to protect the rights of individuals and entities; to protect personal information. This means that, while an organisation and/or Responsible Party may have access and the required permission to use that data, the data primarily belongs to the data subject and is being ‘borrowed’ by the organisation. So, if the data subject requests access to or the deletion of this information, the organisation and/or Responsible Party must comply,” continues Peter.

Clear processes and procedures

To comply, the Responsible Party must keep a clear and definite record of processes and procedures. This record should be able to prove that the information was obtained with the consent and explicit knowledge of the data subject and that the data subject was informed of the intended use of the data. The Responsible Party must be able to prove that the data was used for its specified intent and that all legal and ethical regulations were adhered to.

The Responsible Party is not allowed to utilise this information outside of the parameters of its stipulated intent and may not disperse the information without explicitly stated consent from the data subject. The Responsible Party will need to ensure that effective safeguards are put into place to protect the information from being released and/or from being used outside of its consented intent. Proof and processes of these safeguards must be recorded in detail as evidence of compliance.

“There is a lot of weight placed onto the Responsible Party to ensure that all regulations are being adhered to. It is vital that those assigned with this role are aware and fully educated in the rules and regulations of this act,” concludes Peter. “To meet these standards, it is imperative that the Responsible Party not only follow the letter of the law, but that detailed records of these processes and procedures are kept and maintained.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

A standards-based, app approach to risk assessments
Security Services & Risk Management News & Events
[Sponsored] Risk-IO is web-based and designed to consolidate and guide risk managers through the whole risk process. In this article, SMART Security Solutions asks Zulu Consulting to tell us more about Risk-IO and how it came to be.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Integrate digital solutions to reduce carbon footprint
Facilities & Building Management Security Services & Risk Management
As increasing emphasis is placed on the global drive towards net zero carbon emissions, virtually every industry is being challenged to lower its carbon footprint and adopt sustainable practices.

Visualise and mitigate cyber risks
Security Services & Risk Management
SecurityHQ announced its risk and incident management capabilities for the SHQ response platform. The SHQ Response Platform acts as the emergency room, and the risk centre provides the wellness hub for all cyber security monitoring and actions.