Governance Templates
The company/organisation will be required to manage their internal fiduciary requirements to manage all aspects of the POPIA within the company as a juristic entity. In accordance with the companies, act board resolutions will need to be passed to allow for the appointment of the Information Officer. As per the act, the Information Officer must be appointed the Responsible Person to perform his/her Duties. The company also needs to pass a resolution and associated policy, committing to be/become compliant with the obligations placed on them by the POPI & PAIA Act. If the company deals with special categories of information or the information of Minors as part of its day to day business (e.g. in the medical environment), the organisation must make special mention of this.
Place your Order Today
Human Resource Annexures Templates
The company/organisation has a legal obligation in accordance with POPIA to ensure that a). all company employees and contractors have provided consent and b) have their respective Responsible Person appointment defined to allow the respective Personal Information to be managed in accordance with the POPIA manual and other internal policies (like the Employee Handbook, IT Acceptable usage policies, etc)
Place your Order Today
Client/Suppliers Annexure Templates (Basic)
The company/organisation has a legal obligation in accordance with POPIA to ensure that all company Clients and Suppliers have provided consent for the storage of their information by the company/organisation, and have undertaken to comply with POPIA in their own entities. The company will be required to conduct assessments to validate the compliance of their clients and suppliers.
POPIA Manual (Basic)
The Privacy policy provides essential information regarding the entities POPIA/PAIA framework in compliance with all the mandatory requirements for the respective acts. This will allow the entity then to manage in accordance their POPIA Manual how to allow both internal and externally appointed operators access, processing, deletion, maintenance and restrictions to specific information and how the responsible person or party may do so.
This POPIA Manual & Privacy Policy is for small companies where all personal data is stored either internally or hosted by local Service Providers. This Excludes International Processing & Storage and dealing with special categories of information or the information of Minors.
Data Retention Policy (Basic)
The company/organisation has a legal obligation in accordance with their Privacy Policy and POPIA Manual to ensure that they have a Data Retention Policy. This policy will be further impacted by additional regulatory Acts like the Health & Safety, SARS and sector specific requirements and all internal Information & Technology associated policies like Archive, Access, System Updates etc that involve any of the eight principles of personal information as defined by POPIA. The policy will be required to be maintained and updated regularly and include all changes in company policy and procedures on an ongoing bases to ensure compliance.
Place your Order Today
Data Breach Policy (Basic)
The company/organisation has a legal obligation in accordance with the Act, that along with their Privacy Policy and POPIA Manual, they must ensure that they have a Data Breach Policy. This Data Breach policy will manage the defined management procedures in accordance with the POPIA that the Information Officer and Responsible Parties will follow to firstly ascertain the level of the Data Breach, the impact of the data breach, the corrective measure required to prevent further data breach and most import the required mandatory reporting to the company, the information regulator and the owner/owners of the information that was illegally obtained.
Read More About Data BreachesPlace your Order Today
Data Protection Impact Assessments (Basic)
The company/organisation has a legal obligation in accordance with their Privacy Policy and POPIA Manual to ensure that they conduct Data Protection Impact Assessments on a regular basis. This DPIA will be required as part of the company’s ongoing POPIA strategy to demonstrate and create further awareness within the company and to mitigate ongoing risks as they evolve over time. The DPIA assesses where information is being managed/processed as part of ongoing business activities with the intention of improving areas of concern and provides a body of evidence to shareholders regarding ongoing compliance efforts. The DPIA is a valuable tool that the Information Officer will use not only for a Data Breach, but also to test “case scenarios” within current business activities and provide the reports to the shareholders.
Place your Order Today
POPIA Retainer Service
We provide a POPIA retainer service for our clients. This allows the Client to decide on the level of support they require based on current business activities.
For further details, please refer link below.
Information Officer Training
The Information Officer will need to trained to provide the mandatory POPIA internal and External management. Any updates and management of the POPIA manual and company awareness policy will be under his or her custodianship, and the training will also assist with the associated compliance reporting.
Read more about training >Place your Order Today
Responsible Person/Party Training
The company/organisation will be required to train specific employees as Responsible persons/parties. Under the act, all employees have a responsibility to be compliant and as such must ensure that all business activities are conducted based on the ethos of the companies POPIA policy framework(s). Responsible Parties not only protect information but manage the transfer and share of information both internally and externally to service providers and suppliers, and may be required to assist with data breach assessments and annual reporting.
Read more about training >Place your Order Today
Employee Awareness Training
The company/organisation has a mandate to provide basic awareness training to all employees, including Contractors. This training involves the employee/persons right to access, delete, update etc with regards to the PAIA and the eight principles of the POPIA that involve the employee/person information that the Company and its appointed service provider have obtained to deliver a requested service.
Additional Policy Templates
We can provide additional templates that will provide a complete POPIA Framework for any size company.
1: Social Media/Messaging Policy
2: Employeee Handbook POPIA Annexure
3: IT Usage Policy (POPIA)
Please complete the contact form or follow the provided link for further details.