Managing records for POPI

As a result of POPI, managing records requires a high level of control. It is difficult to know where to begin.

Why is it such a big task?

Worryingly, companies aren’t currently used to processing records to this level of complexity. This is due to:

  • the sheer volume of personal information that gets generated, held in databases, electronic files and paper
  • covering staff, suppliers and clients
  • for which companies are accountable while the records are in existence and
  • because of the many different actions this personal information is exposed to during this time. Each have numerous rules that are applicable due to the 86 detailed requirements for POPI.

What can we do to be better at managing records for POPI?

Here are some useful tips on where to begin managing records. What immediate things can companies do to overcome this new level of data management?

  1. Know what records contain personal information and appoint owners of these records. This spreads the accountability, especially in the area of Records Management. 22 rules can be identified in the POPI Act specifically to do with this work stream.
  2. Make sure you categorise and classify these records making it easier to apply the rules. Also determine where your biggest risks of exposure are. Concentrate your efforts on records management where you have the highest risk potential.

Learn more

Learn more about the complexities of records management as a result of the POPI Act. We have covered the four main focus areas in POPI in the following posts:

  1. Introducing the four main focus areas in POPI
  2. What is a data subject? A better understanding of POPI
  3. The definition of personal information
  4. A more practical approach to personal information
  5. POPI: What is a record??
  6. Understanding who a responsible party is in POPI
  7. Are you a responsible party?
  8. A better understanding of processing in POPI