What we at TOSMS have learnt so far

First Let’s Take Stock

Before embarking on this POPI exposé, we have taken some extracts out of some of our previous articles. These were published earlier this year. They cover the broader issue of what to watch out for when such a pervasive piece of legislation as data protection comes your way. We have shared some of what we have learnt about POPI.

You can read the full articles by clicking on the links below:

Data Protection – Defining the Problem Space When You Don’t Know What You Don’t Know
Data Protection Governance – Indictment, Insanity, Genius…. Challenges For the Governing Body
A Practical and Systemic Approach To Solving Your Data Protection Compliance Requirements

Beware: The Devil is in the Detail

When looking at all your processes, systems and people dealing with records that contain personal information, knowing just how exposed you are is not as simple as you may think. An approach that is too generic may not be enough. You need to ensure sufficient protection from exposure.

Just ask yourself the question: why are large and reputable companies in the UK still falling foul of this legislation? They have had the Data Protection Act in place for more than two decades. Do not underestimate the rigour required!

Analysis on Spreadsheets

We have been working with companies on data protection since 2007. We have developed essential tools for understanding and analysing the magnitude of the problem.

What we have learnt about POPI is that it is not sensible to use spreadsheets to analyse the numerous data elements in a company impacted by the POPI Act, unless you have a small company with very little processing of personal information.

We have worked with large and medium-sized companies, where the number of data elements captured amounts to tens of thousands of inputs. These cannot be analysed and mapped to create essential risk heatmaps without an automated system.

Next: What are some fundamental risks of POPI?

More About Our Newsletter

References: Information contained in our newsletter includes extracts from the TOSMS online training program: Introduction to Protection of Personal Information Act. The aim of providing this content is to assist individuals dealing with personal information about their clients, suppliers and staff in coming to terms with the extensive requirements of the POPI Act. See Training & E-Learning for more course details.

Understanding POPI In Layman’s Terms: The Information Regulator has been appointed, and the next major announcement by the South African government will be the commencement date, which will kick-start the one-year transitional period. We have therefore decided to embark on an education initiative for everyone who has subscribed to our newsletter. This means that we will be unpacking the legislation in bite-size chunks over the next year, sharing what we have learnt about POPI. We’ll do this through our regular newsletter to provide a useful reference for individuals impacted by the POPI Act. You can subscribe to our newsletter in the footer of our website.

We will include other articles of relevance from time to time. Mostly, we will be covering what is in our POPI training program. While it will not be as comprehensive as the training program, it will expose the issues for you. You can then explore further where it triggers the need in your business to consider changes.