The POPI Act is significant because it safeguards data subjects against harm such as theft and discrimination. Non-compliance risks include reputational harm, fines and imprisonment, and the payment of damages claims to data subjects. Businesses are required by the POPI Act to regulate how information is organised, stored, secured, and discarded. This ensures that the company can maintain the integrity and confidentiality of its clients’ and employees’ personal information by preventing data loss, damage, and unauthorised access. The POPI Act is not only for businesses; it can also be used by you as an individual.
This is how you should educate your employees about POPI.
Those of you who process personal information daily, such as customer-facing employees, require special training. Sales managers and marketers must be aware of the marketing implications of the POPI Act, with a focus on direct marketing issues. Data protection is here to stay, so it’s better to start thinking about it now rather than later. Taking a project-based approach to POPI implementation means that each workstream has its own set of deliverables to help maintain focus and achieve the desired outcome. POPI encompasses a wide range of workstreams, each with its own set of operational requirements to comply with legislation. The operational teams are rarely capable of implementing the requirements on their own.
The 5 Best Tips to successfully implement POPI at your workplace.
- Begin the process by conducting a thorough audit of the current processes in place in the organisation for collecting, storing, distributing, and destroying any personal information.
- Obtain the commitment and support of management. This is critical for instilling a data protection culture that guides employee behaviour.
- A series of organisational-wide training programmes covering all aspects of information security should be implemented. The lessons should be reinforced as frequently as possible. Your employees must modify their behaviour when dealing with the personal information of co-workers and customers. This necessitates raising awareness and education, as well as fostering a culture that values privacy and data security.
- Form a multifunctional project team to carry out the POPI compliance process. This contributes to the required focus and momentum.
- Collaborate with your legal department, but also include everyone. POPI implementation is more than just a legal requirement. There are operational requirements to be met to comply, such as having to implement a secure record destruction process. The legal department can advise the project team on concerns such as forms, standard letters, and call centres.
How to go about becoming POPI Compliant
POPI will be implemented at WWISE and globally on 1st July 2021, and WWISE will tend to your needs of becoming POPI compliant. WWISE can assist you to become POPI compliant by planning and managing your information security and privacy awareness and training programme: consult with us and we can workshop it with you, or you can join our awareness training programme. You can also request POPI Act training tailored to your organisation’s specific needs, so that WWISE can raise awareness among your employees about specific issues. Your company must take a few steps to store an individual’s information effectively and securely. Some steps to assist you are:
- Gather only the information that is relevant to your company and that you require.
- Apply adequate security measures to protect your employees’ and customers’ information, such as safe and secure cloud backup of their information or safe filing of their information, either digitally or manually, where it is not accessible from any outside sources.
- Ensure that your employees’ and customers’ information is relevant to your needs and is kept up to date – for example, any changes in address, contact numbers, and so on should be updated.
- The company should only keep the information of its employees or customers for as long as it needs it – once a staff member resigns or a customer is no longer on your books, their information is no longer required.
- If a staff member or customer requests to see what information you have on file for them, they have every right to do so for the sake of their privacy – do not withhold it.
- Ensure that adequate staff training and education is provided on how to store customer information effectively and securely, as well as what can and cannot be shared. Employees frequently share sensitive information without fully understanding the consequences.
Are you prepared to become POPI Compliant? On the 1st of July 2021, the POPI Act will be implemented globally. Prepare yourself and your company to become POPI compliant and aware of POPI or allow WWISE to assist you and your company in becoming POPI compliant.
WWISE creates excellence by driving the success of our clients through ISO standards. We help organisations to embed resilience, helping them to cultivate sustainably, adapt to any change, and thrive for the long term.
For more information on ISO contact WWISE today on 08610 99473 or 021 525 9159, or visit our website: https://www.wwise.co.za.