DIY POPIA solution for small to medium enterprises


Whilst bigger organisations have the resources to develop the tools and solutions to ensure compliance with the POPI Act, many small and medium-sized businesses need to fend for themselves in this regard. Moonstone has developed a Do-It-Yourself POPIA Solution based on the specific needs of the latter.

The POPIA Toolkit

The POPIA Toolkit is aimed at addressing essential compliance risks within the POPI Act and includes useful and customisable templates which will assist your business along its POPIA journey.

The content of the POPIA Toolkit includes the following customisable templates:

Customisable Template: How will it benefit my business?

Privacy Notice for Financial Services Providers

Section 18 of the POPI Act stipulates that, where personal information is collected, the responsible party must take reasonably practicable steps to ensure that the data subject is aware of all of the elements listed in section 18(1)(a) to (h).

The aforementioned “practicable steps” usually take the form of a privacy notice, which can be published by your business on its website, or the notice can be sent to the data subject whenever the business will be processing that data subject’s personal information.

The Privacy Notice is drafted from a financial services provider’s perspective and will be a valuable template to guide you through the numerous requirements stipulated in section 18.

Activity Checklist

The POPI Act contains numerous obligations which your business must adhere to. Navigating these obligations by only referring to the wording and structure of the Act itself can be intimidating.

In light of this daunting prospect, we have simplified the POPI Act for you by developing a POPIA Activity Checklist which contains 32 structured activities that are fundamental to establishing a POPIA compliance framework within your business.

The Activity Checklist also provides valuable guidance on the application of each activity and gives further context to the activity within the POPIA compliance framework. This checklist is therefore not a “tick box” template, but rather provides valuable insight into how your business can go about managing its POPIA compliance project on a “Do It Yourself” basis.

Protection of Personal Information (POPI) Policy

This is a recommended template for a POPI Policy which can be customised according to the requirements of your business.

The POPI Policy includes the legislative requirements in the POPI Act, the Regulations to the POPI Act, as well as the recently issued Guidance Note on Information Officers and Deputy Information Officers.

This template also includes additional customisable annexures such as a Personal Information Request Form; POPI Complaint Form; generic POPIA Privacy Notice; Employee Consent and Confidentiality Clause; SLA Confidentiality Clause and a (Deputy) Information Officer Appointment Letter.

Regulatory Risk Register

You might not be surprised to learn that, in our opinion, the POPI Act contains about 104 risks that have to be evaluated and monitored by your business. The easiest way to decide how you will be prioritising these risks is by rating the risks applicable to your business and addressing the highest rated risks first. This risk register, therefore, provides you with a risk rating tool.

To get a bird’s eye view of these risks, we have mapped out the 104 POPIA risks on a customisable regulatory risk register. This means that you can add risks, or delete risks that do not apply to your business.

The register also provides for likelihood and impact ratings, a final risk rating (with different colours to generate a risk “heatmap”), a description of control measures and suggested compliance risk areas.

Legislation

We have compiled a convenient folder of the relevant POPIA legislation that has been published to date. This folder includes the POPI Act, the Regulations to the Act, Guidance Notes, Codes of Conduct and Government Gazettes.

Where can I find the POPIA Toolkit?

The POPIA Toolkit is available to current clients of Moonstone Compliance (Pty) Ltd free of charge. Non-clients can buy it at a fee of R2900.00 excluding VAT.

The POPIA Toolkit can be purchased online on our website.

Clients of Moonstone Compliance (Pty) Ltd have been advised via a newsletter on how to access the kit. If in doubt, please contact your compliance officer.

We also recommend, very strongly, that you utilise the three POPIA training options offered by the Moonstone Business School of Excellence for the training interventions for various role players in your business. This will ensure understanding of the requirements of the Act and correct application of the DIY kit.

Should you have any queries regarding the order process, kindly view our Order Guide, or contact our offices at 021 883 8000.

1 thought on “DIY POPIA solution for small to medium enterprises”

  1. Hi Phumla. Please click on this link. https://workshops.moonstone.co.za/product/popia-toolkit/
