Solving the Protection of Personal Information Challenge


A cornerstone of any company’s regulatory compliance regime today is the appropriate control and oversight of records containing the personal information (PI) of their clients, suppliers and staff. This is a topic of growing concern in board rooms given the increasing number of reported breaches and the attention that processing of PI is receiving through the appointment of regulators and the powers these regulators have to fine heavily and name and shame transgressors.

GDPR &  POPI Legislation approved

In the EU the General Data Protection Regulation (GDPR) was approved in April after many years of deliberation and will come into force by mid 2018. This creates a single standard for all member states with more onerous requirements and aggressive penalties where breaches occur. In South Africa similar legislation, called the Protection of Personal Information (POPI) Act, awaits the imminent appointment of the regulator where after a commencement date will be announced. Companies will then have a year to comply.

Other regulations that control your data

Added to this picture are the numerous requirements in current legislation that call for companies to be able to access and process personal data – details about foreign citizens and their assets, KYC details for anti money laundering purposes, processing the details of politically exposed persons, policyholder details for capital adequacy purposes, shareholder details for dividends tax submissions, supplier VAT submissions, staff personal income tax submissions, etc.

Fragmented IT infrastructure

Finally, consider the systems architecture of the majority of clients we have worked with over the past two decades where the IT infrastructure has evolved and become more and more fragmented as new technology and old technology co-exist, more and more applications have been added and everything has become more mobile with the advent of smart devices that have considerable processing power.

Granular control is possible

Against the above backdrop, it is little wonder that companies struggle to control the processing of their business data at a level of granularity that mitigates the growing regulatory risk, taking into account the typical challenges of systems architecture limitations, growing mobility of processing and increased regulator attention. TOSMS provides a solution to this challenge through its ground-breaking Records Management Solution: T-RMS.

The solution


TP-RMS has been developed in collaboration with Paperless Software Solutions, a joint venture partner of TOSMS. It tackles the major risks that companies experience when processing PI. Typically these issues relate to mobile data, records processed by third parties, consent and access control, encryption of certain information, retention of records and finding and consolidating data across a multitude of repositories and file stores for reporting purposes, not just for data protection legislation but also for other regulated reporting requirements.

Request a brochure

A brochure is available and can be requested by completing the Request form. A brief description of T-RMS is provided below and describes the set of 4 modules that are each designed to deal with a specific data protection risk.


IS Hub

The two key components of the IS HUB are the Setup Manager for entering the records management rules and the Application Programming Interface (API) Library used for ease of integration with all other applications holding data needing to be controlled.



The main component of OUT is a desktop screen called My POPI Box to help all staff processing extracts, printouts and downloads. It provides them with a register and actions required to manage these records outside the secure IT environment. (POPI: Protection of Personal Information)



The 3P module is an extension of the IS HUB and uses the same two components, namely the Setup Manager and API Library, for linking to the applications that are under the control of your third parties where your PI is being processed.



As the name implies, FINDER is a search engine built into the IS HUB that allows all records that have been linked via APIs to be viewed and reported on. This module relies on indexing and use of primary keys for its accuracy and solves many of the regulatory demands for consolidated data reporting.

Request a call back

Should you wish to find out more about this or any of our other Regulatory Risk Services or Solutions, request a call back from one of our team by completing the Request form.