
Governance issue not covered in the POPI Act

On: May 25, 2017
In: News, POPI
Tagged: governance, POPI, workstream

Which critical POPI governance issue is not covered in the POPI Act?

For background, TOSMS recently published articles covering the four main focus areas in the South African Protection of Personal Information Act, namely:

  • The Data Subject; and
  • Personal Information relating to the data subject; and
  • The Responsible Party, as well as
  • The nature of Processing that a Responsible Party carries out on Personal Information.

These posts can be found under News on our website along with other useful tips and news alerts, including progress the Information Regulator has made.

All governance aspects in the POPI Act are logically grouped together under a workstream called “Governance”, which will be covered in subsequent articles.

What is important about having a Governance workstream?

The important thing about what we call the “Governance workstream” is that POPI needs to dovetail with whatever other regulatory compliance practices there are in your organisation.

POPI will impact on things like policies and standards. Notably, there are various questions you need to consider when creating a sustainable level of POPI compliance:

  • Who is currently responsible for reporting on compliance with other legislation?
  • Who is operationally accountable, and for which internal controls?
  • Who is accountable for oversight, and what measures are used?
  • What kinds of reviews are done annually?
  • How are regulatory risks identified and escalated?
  • What about complaints and dealing with the regulators in your industry?

Not all of these issues have rules in the POPI Act that prescribe how they must be dealt with. Overall, the Act states that you have to comply with POPI; how you go about this should be driven by a top-down approach. The governing body should integrate POPI into the existing model for handling regulatory compliance. This is why there is a workstream called Governance.

The above is achieved through the application of Policies, Standards, Practices and Guidelines (PSPGs). Various other governance requirements will be covered in future articles.

Copyright © 2019 Tim O'Hanlon Strategic Management Services