The commencement date of the Protection of Personal Information Act 40 of 2013 (POPIA) has finally been announced. POPIA aims to give effect to the constitutional right to privacy, which is set out by the Constitution of South Africa, by introducing measures that will ensure that personal information is processed by organisations in a fair, transparent and secure manner.
Organisations have 12 months from 1 July 2020 to become compliant. In our experience, this won’t be enough time for most large and complex organisations to become compliant.
Implementing the requirements of POPIA can be a daunting task for organisations, especially if you are starting late with your programme.
Through working with many organisations over the last number of years, we have developed a number of good practices that have successfully helped organisations accelerate the implementation of POPIA.
PwC’s multidisciplinary team of privacy, legal, data, advisory and cyber security specialists can assist you on your journey to privacy compliance.
We have advised and assisted many organisations, from small enterprises to large corporates, in their POPIA compliance journeys. Based on our experience in providing privacy advisory, legal and cyber security services to our clients, we have defined a holistic framework for the management of privacy risk. The framework is designed to enable organisations to leverage good practices that can be tailored to address each organisation’s unique privacy vision and risk exposure.
Risk analysis and data gathering activities to gain an understanding of your POPIA risk and data footprint (including privacy impact assessments, data inventories and data flow mapping).
Identification of gaps in your privacy capabilities and prioritisation of remediation activities.
Implementation of POPIA programme components to remediate known compliance gaps and establish privacy management practices based on your organisation’s unique environment.
Performing a readiness review of your POPIA programme to provide you with insights on your readiness. Facilitation of data breach simulations to test your POPIA readiness through a simulated data breach scenario.
Establishing ongoing compliance mechanisms to promote continued accountability for privacy management (including compliance risk management plans, training and awareness).
Training is an important aspect in your POPIA compliance journey. The likelihood of complying with the requirements of POPIA is very slim if the individuals in your organisation do not understand the legislation and the role they need to fulfil to ensure that the purpose of POPIA is carried out appropriately.
PwC provides training at two levels: for executives (owners and directors of an organisation) and for employees (including management). Training covers aspects such as the purpose of POPIA, insight into the key sections covered by POPIA and training specific to the organisation’s POPIA policy standards.