No matter the size of your business, you need to ensure that you adhere to all the required rules and regulations, and the latest one to be added in South Africa is the PoPI Act.
This act seeks to regulate the processing of personal information and is crucial to any business.
So what is the PoPI Act all about, and how can you ensure that you implement it in the correct way in your business?
PoPI compliance requires organisations to put into place certain legal, organisational and technical measures for the management and security of personal information, including that of your employees. However, every organisation is unique, and ensuring PoPI compliance is not a ‘one size fits all’ process.
Here is a step-by-step guide to ensure your business’s compliance:
#1 Identify your existing customer information and who has access to it.
Depending on the size of your business, you may be using a CRM (customer relationship management) system for your customer information, or it may just be an Excel spreadsheet on your PC. Determine which of your staff have access to this database and ensure that each user has their own secure password, so that you can identify which user(s) have been accessing the information. Also enable an audit trail for all users accessing this database. In addition, restrict access to the most sensitive data to only those people who need to use it.
#2 Review the processes through which you collect and process personal information
Depending on the nature of your business, online or offline, you will have different processes in place to collect and process personal information. Set up a task team (even if it’s just you) to review the processes and methods of collecting the data, to ensure that nothing is escaping into the wrong hands or ending up in the public space.
Schedule training sessions with all affected employees and ensure that they realise and accept the importance of this training. If required, to add more value, schedule a training session with a service provider that specialises in the PoPI Act and get your employees up to speed.
Some of the obligations under the Act for which all businesses are responsible (courtesy of popicompliance.co.za):
- only collect information that you need for a specific purpose
- apply reasonable security measures to protect it
- ensure it is relevant and up to date
- only hold as much as you need, and only for as long as you need it
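The controls in step #1 (named user accounts, access to sensitive data restricted to those who need it, an audit trail of every access) and the obligations above (hold only what you need, only for as long as you need it) can be made concrete in a small piece of code. The following is an added example written for this article, not code from the original post or from popicompliance.co.za; the customer records, user names, roles, field names and retention period are all constructed assumptions for illustration.

```python
"""Added example (not part of the original article): a minimal customer-record
store that applies the controls from step #1 and the obligations list: named
user accounts, least-privilege access to sensitive fields, an append-only
audit trail of every access attempt, and purging of records held past their
retention period. All names, roles, fields and dates are assumptions."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Fields any staff member with customer access may see, versus fields reserved
# for the few people who actually need them (assumed split for illustration).
BASIC_FIELDS = {"name", "email"}
SENSITIVE_FIELDS = {"id_number", "bank_account"}

# Role -> fields that role may read (assumed roles; least privilege).
ROLE_PERMISSIONS = {
    "sales": BASIC_FIELDS,
    "finance": BASIC_FIELDS | SENSITIVE_FIELDS,
}


@dataclass
class CustomerStore:
    records: dict = field(default_factory=dict)    # customer_id -> record dict
    audit_log: list = field(default_factory=list)  # append-only audit trail

    def read(self, user, role, customer_id, fields, today):
        """Return only the requested fields the user's role is allowed to see.

        Every attempt is written to the audit trail before the permission
        check, so denied attempts are recorded as well as successful ones.
        """
        allowed = ROLE_PERMISSIONS.get(role, set())
        denied = set(fields) - allowed
        granted = set(fields) & allowed
        self.audit_log.append({
            "date": today.isoformat(), "user": user, "customer": customer_id,
            "granted": sorted(granted), "denied": sorted(denied),
        })
        if denied:
            raise PermissionError(f"{user} ({role}) may not read {sorted(denied)}")
        record = self.records[customer_id]
        return {name: record[name] for name in granted}

    def purge_expired(self, today, retention_days):
        """Only hold data as long as needed: drop records past the retention
        period and record the purge in the audit trail. Returns purged ids."""
        cutoff = today - timedelta(days=retention_days)
        expired = [cid for cid, rec in self.records.items()
                   if rec["collected_on"] < cutoff]
        for cid in expired:
            del self.records[cid]
            self.audit_log.append({"date": today.isoformat(), "user": "system",
                                   "customer": cid, "action": "purged"})
        return expired


def build_sample_store():
    """Constructed sample data (not real customers) for demonstration."""
    store = CustomerStore()
    store.records["c1"] = {"name": "A. Example", "email": "a@example.com",
                           "id_number": "0000000000000", "bank_account": "000",
                           "collected_on": date(2014, 6, 1)}
    store.records["c2"] = {"name": "B. Example", "email": "b@example.com",
                           "id_number": "1111111111111", "bank_account": "111",
                           "collected_on": date(2019, 6, 1)}
    return store


if __name__ == "__main__":
    store = build_sample_store()
    today = date(2020, 1, 1)
    print(store.read("thandi", "sales", "c1", ["name"], today))
    try:
        store.read("thandi", "sales", "c1", ["id_number"], today)
    except PermissionError as err:
        print("denied:", err)
    print("purged:", store.purge_expired(today, retention_days=5 * 365))
    for entry in store.audit_log:
        print(entry)
```

Two design choices matter here. The audit entry is written before the permission check, so a user repeatedly asking for fields outside their role shows up in the trail and can be reviewed, which is the point of an audit trail in step #1. The purge routine also writes to the trail, so you can later show what was deleted and when, which supports the "only for as long as you need it" obligation.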
One of the best ways to ensure PoPI compliance is to use reputable cloud applications, service providers and software companies that have already made sure they adhere to the highest levels of data security and encryption.