When is consent required to process your information?

Issue 3 2021 Editor's Choice

The majority of organisations are not yet compliant with the Protection of Personal Information Act (PoPIA) which becomes effective on 1 July this year. According to a survey conducted by TPN Credit Bureau on how ready companies are for PoPIA, only 27.4% are process ready and 40.3% are ready from a governance perspective. Technological readiness scored the highest at 57%, which is still a far cry from compliant. Of the 200 companies we surveyed, only 8% scored above 80% for their PoPIA readiness.

Although organisations are expected to be fully compliant with the PoPIA by 1 July with all the necessary systems and processes in place, industry bodies were required to have submitted a code of conduct to the Information Regulator by 1 March 2021 according to Regulation 5 of the PoPI Act. It is highly recommended that those organisations that have not yet started the process of becoming compliant with the PoPIA do so as soon as possible as compliance is a time-consuming process.

The Credit Bureau Association, for example, has submitted its code of conduct to the Information Regulator, who has subsequently opened the code up for public comment. In South Africa, credit bureaux are subject to the restrictions of the National Credit Act which governs the processing of consumer credit information. However, credit bureaux can’t process credit profile information unless they have pre-approval from the Information Regulator.

Another deadline which is looming relates to Regulation 4 of the PoPIA which requires that organisations have appointed an information officer by 1 May. An information officer is responsible for, amongst other things, encouraging compliance with the PoPIA; developing and implementing a compliance framework; and ensuring that a personal information impact assessment is done to ensure that adequate measures and standards exist.

The aim of the PoPIA is to protect personal information and prevent information from being exposed to unauthorised individuals or entities. As such it requires that a set of streamlined processes and systems are established that easily identify where personal information is stored, how that information is processed physically and electronically, who has access to it as well as for what purpose it is required. Not surprisingly, becoming PoPIA-compliant takes time and needs to be an ongoing process.

A failure to be compliant has consequences as organisations could face fines or other penalties depending on the nature of the offence.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Read more...
Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

Read more...
2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Read more...
Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Read more...
Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

Read more...
NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Read more...
The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Read more...
Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

Read more...
AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...