Privacy is a new and developing field in South Africa, but is a developed sphere of work in Europe, the United Kingdom, Australia and the United States. South Africa’s new data privacy legislation, the Protection of Personal Information Act, 2013 (POPI), brings South Africa into line with international best practices in the field of privacy.
POPI governs the way in which personal information is collected, stored, used, disseminated and deleted. It protects personal information of both individuals and corporate entities and inevitably applies to your organization.
POPI is coming into effect in stages. Certain sections commenced on 11 April 2014, which enable the appointment of an information regulator and the making of regulations. While the compliance obligations are not yet effective, this is the first step towards POPI becoming operative. The information regulator should be appointed and draft regulations should be published for comment within the coming months. The remaining sections will then be enacted and South Africans will have 12 months from the commencement of the remaining sections within which to become POPI compliant.
Compliance will be a continued process, and should be viewed as a practical yet business critical task. POPI is not aimed at impeding business growth and its application therefore involves common-sense measures that are relatively easy to implement in your business.
That said, non-compliance poses significant financial, operational and reputational risks. During this one-day workshop you will learn how POPI works, what it means for your business and where you need to start to become compliant. We will focus on some of the more complex issues arising from the requirements and through case studies and international experience, demonstrate how compliance can give you a competitive advantage.
Upon completing this course participants should:
- Understand the importance of privacy legislation and why it is good for South Africa;
- Know what POPI covers and when it applies;
- Be able to identify which information handled by an organisation is protected under POPI;
- Have insight into specific requirements, including:
- Cross-border transaction of information;
- Data security and service providers;
- Direct marketing and social media;
- Understand the significance of data subject rights and how to prepare for data subject access requests; and
- Be able to start formulating a POPI compliance project by conducting a privacy impact assessment.
Who will Benefit:
This course is designed for anyone who handles personal information, whether that of employees, affiliates, customers or service providers. No prior knowledge of privacy law is required. It will also benefit those who wish to discuss some of the more complex arising from POPI and its practical implementation in a business environment. The course is suitable for professionals of all levels and across multiple areas, but the following personnel may find it of particular benefit:
- Information officers
- IT and information security professionals
- Marketing professionals
- Customer service professionals
- Human resources professionals
- Regulatory professionals
- Compliance professionals
- Legal professionals.