1. POPIA Compliance: 8 conditions a responsible party should be aware of
  2. POPIA Compliance: Implementation Solutions (this article)
  3. POPIA Compliance: the power of technology

POPIA places onerous obligations on all organisations that process personal information. It is therefore important for organisations to properly undertake some form of a POPI strategy towards compliance. It must be stressed, and we have seen with clients we are advising currently, that the road to POPI compliance is not an overnight fix and requires a continuous level of attention and executive buy-in over a sustained period to ensure compliance. I say this because POPI is likely to touch upon every aspect of how an organisation goes about doing business, both externally and internally.

Every organisation is different in the way it does business so therefore it is important to have agile solutions which clients can lean up on when seeking to embark upon POPI compliance. It is for this very reason that Andersen South Africa has developed an agile data privacy solution which can be easily adaptable based on client requirements, whether through a lightweight manual toolkit or through a more complex managed process necessitating tech integration.

Below is a brief review of the data privacy solutions to assist organisations in their compliance journey.

Manual Process

The manual process that does not involve in tech integration can be summarised as follows:

  • this process is a strict manual data privacy compliance audit in which our team of data protection advisors will advise you on your compliance;
  • the process will always commence with an introduction consultation with the client to better inform the executive team of POPI and ensure they have a better understanding of the law, together with getting an understanding and feel for the organisation and its structure;
  • this will be followed by a compliance audit questionnaire to allow us to understand your organisation's compliance with POPI as it stands today. This will allow us to then map a compliance framework for the organisation to roll out;
  • that compliance framework will include our team guiding and providing your organisation with required policies and procedures, training staff, reviewing service level agreement and guiding the information officer on his or her duties;
  • this process will also involve a dedicated team of advisors who will address any questions you have regarding data privacy either by email or telephonically.

Tech Process

This tech process is powered by the solution known as RUBIQ in which information privacy of an organisation is executed and managed through the RUBIQ Information Privacy Management System with the support of our subject matter experts and support team.

The process is broken up into 4 phases:

  1. Phase 1: the assessment of your current information privacy maturity and context of your organisation;
  2. Phase 2: our subject matter experts and projects team put together a Compliance Plan for you based on the outcomes of phase 1;
  3. Phase 3: we assist you in executing the Compliance Plan. We use the RUBIQ system modules, toolsets and content to drive the activities, processes, reviews and tasks necessary to successfully achieve POPI compliance; and
  4. Phase 4: we support you in maintaining your compliance and provide supporting services around incident management, reporting and data analysis (where required)

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.