Skip to content
TOSMS
Primary Navigation Menu
Menu
  • Home
  • About
    • About TOSMS
    • About Our Partner
    • Hiring Us
  • Services
    • Governance, Risk and Compliance Services Overview
    • Digitise GRC Operations
    • Integrate and Automate GRC Functionality
    • Resolving Future GRC Change Impacts
    • Embarking on a GRC Digitisation Journey
    • Regulation-specific Services
  • GRC Software
    • Governance, Risk & Compliance Software Overview
    • T-GRCS: TOSMS Governance, Risk & Compliance Solution
    • T-RMS: TOSMS Records Management Solution
    • T-RTS: TOSMS Regulatory Training Solution (Data Privacy – POPI)
  • E-Learning
    • POPI Training
  • News
  • Contact

Information Regulator publishes draft POPI Regulations

On: September 11, 2017
In: News, POPI
Tagged: impact assessment, POPI, regulations, risk assessment, TOSMS
draft popi regulations

Information Regulator publishes draft POPI Regulations

The Office of the South African Information Regulator has published draft POPI Regulations for comment in the Government Gazette, which are available here. Tim O’Hanlon Strategic Management Services also obtained additional insights from the Regulator’s office regarding the road ahead with POPIA, which is covered in the second half of this article.

The POPI Regulations are promulgated in terms of the Protection of Personal Information Act No. 4 of 2013 (POPIA). They primarily deal with the process around complaints handling by the Regulator and do not contain additional obligations to be complied with by organisations.

 

What do the Regulations include?

The Regulations include the following:

  1. the manner of objection by data subjects to the processing of personal information
  2. the manner of request by data subjects for correction or deletion of personal information or destroying or deletion of record of personal information
  3. the duties and responsibilities of information officers, including ensuring that:
    • a compliance framework is developed, implemented and monitored
    • adequate measures and standards exist
    • preliminary impact assessments are conducted
    • a manual is developed
    • internal measures are developed
    • awareness sessions are conducted
  4. the manner of request for a data subject’s consent for processing of personal information for the purpose of direct marketing by means of unsolicited electronic communications
  5. the manner in which to submit a complaint or grievance
  6. the powers of the Regulator

 

Insights into the POPI road ahead

At a recent POPI conference, the Office of the Information Regulator confirmed to Dudley Garner, Director Regulatory Compliance at Tim O’Hanlon Strategic Management Services (TOSMS), the following:

  • their intentions with regards to the commencement date and
  • their approach with regards to preparation for implementation by companies while the commencement date is awaited.

 

Likely POPIA commencement date

The commencement date for the remaining sections of POPIA is targeted by the Information Regulator to be in the April to May 2018 timeframe. From then on, organisations will have one year to comply fully with all the conditions of the Act.

Accordingly, it is in the best interests of organisations to initiate POPIA Impact Assessments and/or POPI Implementation Projects sooner rather than later. TOSMS has a proud history of assisting organisations with POPIA Impact Assessments since 2007.

 

Approach companies should be following

It was made clear by the Office of the Information Regulator that sections 39 – 54, 112 and 113 of POPIA are already effective. It was emphasised that organisations should not wait for the publication of the effective date of the remaining sections of POPIA before implementing processes to become fully compliant.

They have also already received numerous complaints under the banner of POPIA. They have undertaken to follow these complaints up prior to the commencement date.  Where an organisation is under the spotlight due to a complaint and is found to have done no preparation in anticipation of the commencement date, such an absence of preparation will be frowned upon by the Regulator with the potential of greater exposure for that company.

 

Value-add from Tim O’Hanlon Strategic Management Services

Are you unsure how the POPI Act will impact your organisation? Do you have concerns about the need to tackle such an initiative prior to the commencement date? If so, don’t hesitate to contact one of our team.

TOSMS can conduct a risk-based gap analysis across all functional areas within a large organisation. This will give management a high-level view of risks and impacts of POPIA in a reasonably short space of time, enabling them to decide quickly where to focus resources and effort to comply with the POPI legislation. This is becoming increasingly important, especially when there are urgent business priorities and little appetite to commit resources to non-revenue-generating compliance initiatives.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)

Related

2017-09-11
Previous Post: POPI Integration with PAIA
Next Post: POPIA Disclosure Requirements – Purpose

SEARCH OUR NEWS

RECENT POSTS

  • POPIA Disclosure Requirements – Mandatory and Voluntary information
  • POPIA Disclosure Requirements – Details of Responsible Party
  • POPIA Disclosure Requirements – Aware of Collection

CATEGORIES

  • News (41)
  • POPI (38)

SUBSCRIBE TO OUR NEWSLETTER

Email:
Name:

Navigation

  • Home
  • About TOSMS
  • About Our Partner
  • Governance, Risk and Compliance Services Overview
  • T-GRCS: GRC Solution
  • T-RMS: Records Management Solution
  • T-RTS: Regulatory Training Solution
  • E-Learning
  • Hiring Us
  • News
  • Contact
  • Privacy Policy

Latest News

  • POPIA Disclosure Requirements – Mandatory and Voluntary information

    POPIA Disclosure Requirements – Mandatory and Voluntary information

    November 29, 2017
  • POPIA Disclosure Requirements – Details of Responsible Party

    POPIA Disclosure Requirements – Details of Responsible Party

    November 28, 2017
  • POPIA Disclosure Requirements – Aware of Collection

    POPIA Disclosure Requirements – Aware of Collection

    November 27, 2017

SUBSCRIBE TO OUR NEWSLETTER

Email:
Name:

Contact Details

United Kingdom
+44 (0)13 7243 8397
tim@tosmsgroup.co.uk

South Africa
+27 (0)21 761 8020
abrie@tosms.co.za

TOSMS Founder

Copyright © 2019 Tim O'Hanlon Strategic Management Services | web design by: creative engineering studio