Before we get into the four main focus areas in POPI, be sure to take a look at a number of challenges presented by the Protection of Personal Information Act which have been covered in previous articles by TOSMS:
- What is meant by Personal Information?
- POPI demands a granular control of records
- Onboarding POPI – a shift in culture
- How can I prepare for POPI
- What are some fundamental risks of POPI
- What we at TOSMS have learnt about POPI
- Data protection – defining the problem space when you don’t know what you don’t know
- Data protection governance – indictment, insanity, genius …. challenges for the governing body
- A practical and systematic approach to solving your data protection requirements
To be ready to deal with these challenges, it is important to unpack the POPI legislation. A question that we at TOSMS always start with when beginning to unpack a new piece of legislation is: “What are the main focus areas in the POPI Act?”
There are four main focus areas in POPI that can be paired together as follows:
1) Data Subjects and their 2) Personal Information
3) Responsible Parties (those who are doing the processing) and 4) Processing that they are carrying out.
Before continuing with unpacking of the POPI Act, the new terminology introduced by the Act needs to be clarified, i.e. the terms Data Subject and Responsible Party.
The POPI legislation defines each of these main focus areas and it is important to understand them thoroughly. The definitions set the scope for how far POPI extends into the area of data processing in a company.
Once these definitions are understood, one will be able to see exactly what is in scope when it comes to complying with POPI.
The new terminology and definitions will be covered in future articles by TOSMS.