The role of the Responsible Party

Residential Security Handbook 2021: Smart Estate Living Security Services & Risk Management

Stepping into the new year in the current socioeconomic climate is a challenge for organisations of any kind. There are a variety of new rules and regulations to follow. These rules and regulations are put into place to help protect businesses and individuals. In addition to complying with and managing COVID-19 regulations, organisations also need to ensure that they are complying with the regulations set out by the Protection of Personal Information Act (PoPIA).

To comply with the Act’s requirement that all businesses need to obtain consent for all data processed through the organisation, many businesses are assigning this work to so-called ‘Responsible Parties’. These parties are the accountable parties tasked with protecting personal and/or private data.

According to the Government Gazette, a Responsible Party refers to: A public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information.

Conditions of compliance

PoPIA outlines that, for the processing of personal information to be lawful, certain conditions must be met, and the processes and procedures must comply with several regulations. These regulations include elements such as: accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards and data subject participation.

According to Carrie Peter, Solution Owner at Impression Signatures, “It is imperative that when organisations use or assign responsibilities to a Responsible Party, they ensure all regulations and specifications are complied with by this party. The Responsible Party is held accountable for ensuring that the conditions for lawful processing of personal data are met.”

Carrie Peter.

To support smaller businesses in ensuring compliance, Impression Signatures embarked on a PoPIA campaign that provides relevant information about the Act, free of charge. The campaign seeks to simplify and demystify the roles and responsibilities of the Act. With this approach, it hopes to support businesses that do not have large budgets available to employ compliance officers specifically for PoPIA purposes.

The Responsible Party works in conjunction with the operator and regulator. This collaboration ensures that all entities are working in cohesion to maintain and comply with the required regulations. The reason for the collection of the data set must be explicitly and clearly explained and outlined to the data subject, and must adhere to lawful processes.

“It is important to remember that this Act has been put into place to protect the rights of individuals and entities; to protect personal information. This means that, while an organisation and/or Responsible Party may have access and the required permission to use that data, the data primarily belongs to the data subject and is being ‘borrowed’ by the organisation. So, if the data subject requests access to or the deletion of this information, the organisation and/or Responsible Party must comply,” continues Peter.

Clear processes and procedures

To comply, the Responsible Party must keep a clear and definite record of processes and procedures. This record should be able to prove that the information was obtained with the consent and explicit knowledge of the data subject and that the data subject was informed of the intended use of the data. The Responsible Party must be able to prove that the data was used for its specified intent and that all legal and ethical regulations were adhered to.

The Responsible Party is not allowed to utilise this information outside of the parameters of its stipulated intent and may not disperse the information without explicitly stated consent from the data subject. The Responsible Party will need to ensure that effective safeguards are put into place to protect the information from being released and/or from being used outside of its consented intent. Proof and processes of these safeguards must be recorded in detail as evidence of compliance.

“There is a lot of weight placed onto the Responsible Party to ensure that all regulations are being adhered to. It is vital that those assigned with this role are aware and fully educated in the rules and regulations of this act,” concludes Peter. “To meet these standards, it is imperative that the Responsible Party not only follow the letter of the law, but that detailed records of these processes and procedures are kept and maintained.”

For more information go to

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The state of the distribution market
ESDA (Electronic Security Distributors Association Bosch Building Technologies Dark Horse Distribution Elvey Security Technologies Regal Distributors SA G4S Secure Solutions SA Editor's Choice Security Services & Risk Management
The distribution industry has evolved over the years and its current challenges simply mean another change is in the wind, for those who can take the next step.

Training that delivers
Technews Publishing Leaderware ESDA (Electronic Security Distributors Association BTC Training Africa Editor's Choice Security Services & Risk Management Conferences & Events Training & Education
Hi-Tech Security Solutions hosted a virtual conversation to address the challenges and solutions related to effective and measurable training and education in the security industry.

The importance of traceable records
Technews Publishing Editor's Choice Security Services & Risk Management
Traceable records streamline performance management, training, evidence records and reduce fraud, corruption and criminal activities.

Creating the district ID database
Technews Publishing Agriculture (Industry) Security Services & Risk Management
Continuing his series on preparing for and preventing farm attacks, Laurence Palmer discusses developing an identity system for districts at risk.

Expand your security company offering with mySOS
Security Services & Risk Management
Expand your existing security solutions with a mobile, branded panic button from mySOS. You can now protect your existing client base beyond the perimeter of their property and add real value.

Is industry inertia keeping SIM-swap fraud alive?
Security Services & Risk Management
SIM-swap fraud has been around for decades and according to the latest SABRIC figures, incidents increased 91% year-on-year when looking at digital banking fraud across all platforms.

Personal security awareness
LD Africa Security Services & Risk Management
Whether it’s our homes, cars, family, businesses or assets, personal security is something that has to be considered daily.

Communication in any situation
Elvey Security Technologies Global Communications Security Services & Risk Management
Global Communications offers an industry-first with five-year warranty on select Kenwood two-way radios.

The year resilience paid off
Editor's Choice Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

Dealing with the people risk factor
Security Services & Risk Management
Mimecast research revealed that the most pressing security concerns remain focused on data breaches, phishing, spear-phishing and ransomware, all areas in which awareness training can be highly effective at reducing risk.