PoPI Act Compliance Certification Portal
| | | | |
|---|---|---|---|
| R 4,000 | R 4,500 | R 5,000 | R 6,000 |
| 12 Month Access | 12 Month Access | 12 Month Access | 12 Month Access |
| Free Basic WebScan | Free Basic WebScan | Free Basic WebScan | Free Basic WebScan |
PoPI Act Compliance Certification Portal Annual Fee (12 month subscription). Prices are incl. VAT. You can run the Online PoPI Act Compliance Checklist tool as often as you like during an active subscription.
PoPI Act Compliance Variations
PoPIA Compliance Bronze
- A shorter PoPI Act Assessment for smaller / lower risk entities, at a lower cost, with the appropriate questions and documentation removed (it does not include a PAIA Manual). Qualification Criteria for PoPIA Bronze:
  - Private Body
  - Annual Turnover less than R10,000,000
  - Less than 10 Employees
  - No Transborder Flow of Information
  - Responsible Party has less than 5 Data Operators
  - No processing of Personal Information of Children
  - No processing of Special Personal Information
    - Religious or Philosophical Beliefs
    - Trade Union Membership
    - Political Persuasion
    - Health or Sex Life details
    - Biometric Information
    - Criminal Behaviour
    - Race is excluded for BBBEE purposes
PoPIA Compliance Silver
- Incorporating the following additional acts:
PoPIA Compliance Gold
- Incorporating the following additional Acts:
PoPIA Compliance Platinum
- The PoPI Act Pro Assessment for Private Bodies – Questions, Company Act References and PAIA Manual are applicable to Private Bodies.
What does PoPI Act Compliance mean?
Any entity that processes any Personal Information has to achieve PoPI Act Compliance.
You need to have a plan in place to ensure the safety of all the Personal Information that you process and measures to ensure that you are allowed to process the Personal Information.
Failure to comply can lead to fines and/or prison.
How do I achieve PoPI Act Compliance?
- Our PoPI Act (PoPIA) Compliance Certification Portal will help you manage your whole PoPI Act Compliance journey.
- It will guide you through what you need to do to become compliant.
- It will also generate the documentation, declarations, policies, forms and registers you will need.
- It will keep you up to date as the Law and/or Regulations change, and as you progress with your own compliance journey.
- The portal will take you through 25 Sections of the PoPI Act, asking simplified questions relevant to your entity to determine your compliance status, building customised documentation for your entity, and giving you a plan of things to work on to become PoPI Act Compliant where necessary.
What are the Main Pillars of Compliance?
- An Information Officer needs to be assigned and registered with the regulator
- A Framework needs to be developed around how you process Personal Information
- Your Data Subjects need to give you consent to process their Personal Information and be aware of how you plan on using their Personal Information.
- You must not misuse your Data Subjects' Personal Information, and you must safeguard it so that third parties cannot misuse it either.
The 8 Protection Principles of Lawful Processing:
- Accountability > Section 4
  The Responsible Party needs to ensure that the conditions imposed by the Government have been properly complied with.
- Processing Limitation > Sections 4, 5, 6
  Personal Information must be processed for the purpose for which it was obtained.
- Purpose Specification > Section 7
  Information is only collected, used and stored for carefully defined purposes and time.
- Further Processing Limitation > Section 9
  Personal Information can only be reused if this usage aligns with the original purpose of collection.
- Information Quality > Section 10
  Personal Information usage must be guided by ‘quality over quantity’ and therefore a Responsible Party needs to ensure that the Information it manages is complete, accurate, not misleading in nature and updated wherever necessary.
- Documentation > Section 11
  The Responsible Party should be fully compliant with The Promotion of Access to Information Act (2002), and ensure that no Information is collected unless the data subject fully understands and appreciates the implications of sharing their Information.
- Security Safeguards > Sections 13, 14, 15, 16
  The Responsible Party needs to ensure all Personal Information is securely and safely stored and processed.
- Data Subject Participation > Sections 17, 18, 19, 20
  The Responsible Party should have measures in place to answer any questions about or update any data subject's Personal Information.
Information Regulator




