Gearing up for POPIA (Protection of Personal Information Act)
Presented by Karus Prinsloo (inlexso (Pty) Limited)
Thank you very much Karus for presenting at our info-sharing event on the 25th March 2021. Thank you also to all those who attended which was over 160 attendees.
Organisations are gearing up for 1 July 2021! The Protection of Personal Information Act (“POPIA”) has commenced and the year grace period for enforcing POPIA by the Information Regulator established in terms of POPIA, will end at 30 June 2021. The Information Regulator will be enforcing the Act from 1 July 2021.
During the Information sharing session, the following topics were covered:
A brief overview of POPIA:
An overview was provided of:
- Some important definitions
- How POPIA works
- Business areas impacted by POPIA
- Practical implications and consequences of non-compliance
The Role of the Information Officer:
- Every organisation has an IO. This role introduced by The Promotion of Access to Information Act (PAIA).
- Register IO with Information Regulator 1 May onwards
- IO to take up duties after registering with the Information Regulator
POPIA Section 55: Duties and responsibilities of Information Officer & POPIA Regulation 4 Responsibilities of Information Officers
Duties of IO
- Encouraging compliance with the conditions for the lawful processing of personal information
- Dealing with information requests made to the responsible party
- In event of the responsible party being investigated, working with the Information Regulator
- “Otherwise ensuring compliance”
- Other duties which may be prescribed.
- A compliance framework is developed, implemented, monitored and maintained
- A personal information impact assessment is done to ensure that adequate measures and standards exist in order to comply with the conditions for the lawful processing of personal information
- A manual is developed, monitored, maintained and made available as prescribed in sections 14 and 51 of the Promotion of Access to Information Act, 2000 (Act No. 2 of 2000)
- internal measures are developed together with adequate systems to process requests for information or access thereto; and
- internal awareness sessions are conducted regarding the provisions of the Act, regulations made in terms of the Act, codes of conduct, or information obtained from the Regulator.
- Formulate an implementation plan (e.g. POPIA Readiness Assessment (PRA)
- Identify areas of the business impacted
- Have a POPIA champion for the organisation, pulling together all implementation initiatives from representatives across all areas of responsibility
- Identify documents and processes to change
POPIA Readiness Assessment (PRA) in the BarnOwl Cloud
What is the BarnOwl cloud PRA solution:
- BarnOwl Cloud is an action plan & task management SaaS (software as a service) sitting in the Microsoft Azure cloud pre-populated with
- Inlexso’s PRA (POPIA Readiness Assessment) template of best-practice POPIA tasks
- sign up for
- assign participants (owners) to the various POPIA tasks
- collaborate on POPIA tasks
- monitor progress of your POPIA tasks
- get the job done
The need for effective risk management
- Fast track POPIA compliance: pre-populated template of tasks (including a link to the relevant sections of the act)
- Structured approach: manage your POPIA tasks in a structured way
- Drive ownership: assign participants (owners) to tasks including the ability to assign internal and external participants
- Real time progress monitoring: be able to track progress of tasks in real-time including alerts and notifications
- Collaboration: Enable participants to upload evidence and participate in discussion forums against each task
- Task driven: Drive ownership and accountability of tasks to get the job done
How do you sign up:
- Sign up automatically via the BarnOwl Cloud link (anticipated launch date 7th April 2021). We will be sending out the BarnOwl Cloud link via email as close to the 7th April 2021 as possible.
- Secure login and password (Microsoft Azure secure sign on – we do not store login details in the database
- Enter your organisation name (totally distinct and secure multi-tenanted database)
- Add participants (within your organisation or external to your organisation)
- Start using the system (simple, user friendly and intuitive)
How much does it cost:
- Free trial period of 30 days with sample PRA content
- Thereafter cost effective ‘pay as you go’ pricing for the BarnOwl cloud solution (per month / annum) with sliding scale based on the number of users (participants)
- PRA content pricing: TBA
Presentation and Video links:
Useful and associated links:
Once again thank you Karus Prinsloo for your time and for your informative presentation. Thank you too, to all those who attended our info sharing session. We look forward to seeing you at our next info sharing session. Please keep a look out for our upcoming events at: http://www.barnowl.co.za/events/
Director – BarnOwl GRC and Audit software
BarnOwl is a fully integrated governance, risk management, compliance and audit software solution used by close to 200 organisations in Africa, Australasia and the UK. BarnOwl is a locally developed software solution and is the preferred risk management solution for the South African public sector supporting the National Treasury risk framework. Please see www.barnowl.co.za for more information.
About Karus Prinsloo, Legal Adviser and Trainer at inlexso (Pty) Limited
Karus is a seasoned and solution focused compliance, privacy and legal advisor and trainer and is employed by inlexso since 2015.
He has more than 10 years’ experience as consultant and in-house advisor in the legal and compliance environment, advising clients in industries such as logistics, mining, manufacturing, aviation, construction, financial services, banking, agriculture and property.
His experience as consultant, manager, director and in-house compliance specialist includes advising on, designing/ reviewing of compliance and risk management frameworks, drafting of policies, compliance monitoring, management reporting, preparing newsletters about regulatory amendments, preparing compliance content such as compliance manuals, self-assessment questionnaires, compliance calendars and compliance risk management plans (CRMPs) and providing training on compliance related matters.
His experience includes approximately 6 years as advisor and trainer in respect of the Protection of Personal Information Act (POPIA). He has assisted clients with POPIA readiness in industries such as retail, manufacturing, construction, aviation and tertiary education. POPIA training experience includes presenting on POPIA since 2014 and since 2017 on behalf of Enterprises University of Pretoria (Pty) Ltd.
Before joining inlexso (named EOH Legal Services at that stage) in 2015, Karus was a director of iThemba Legal & Compliance (Pty) Ltd, specialising in legal compliance and commercial law.
Karus has practiced as attorney and served as in-house compliance advisor, compliance consultant, company secretary and corporate legal advisor. He was admitted as attorney in 2003.
About Jonathan Crisp, Director, BarnOwl GRC Software Solutions
Jonathan Crisp has a BSc Honours in Computer Science, as well a Risk-Based Internal Auditing certification. He has over 30 years’ experience in the IT industry and is one of the founding directors of IDI Technology Solutions.
IDI are the owners and software developers of the BarnOwl GRC and Audit software solution which is the preferred GRC solution in the public sector, endorsed by the Office of the Accountant General (OAG) of South Africa.
Jonathan is an active member of the Risk Intelligence Committee at IRMSA (Institute of Risk Management SA) and is a member of the IIA (Institute of Internal Audit SA).