A framework to initiate and control the implementation of information security
King IV information and technology governance
Respect for human rights while enabling the free flow of information
King IV corporate governance assessment-as-a-service
Corporate governance of ICT
A framework for the Governance and Management of IT
Global leaders in the design and implementation of IT governance frameworks and mechanisms.
More than 10 years' experience in the protection of personal information (POPIA).
Consulting services, software solutions and a wide range of training available.
Regulation 4(1)(d) relating to the protection of personal information requires information officers to ensure that internal measures are developed together with adequately secure systems to process information and access requests. A secure online portal enables information officers to process data subject requests and consent withdrawals electronically.
Information officers are required to ensure personal information impact assessments are completed for all processing operations and appropriate technical and organisational measures implemented to safeguard personal information. Make use of a proven methodology.
Diagnostic, baseline and advanced compliance assessments assist information officers and responsible parties to verify compliance with the conditions for the lawful processing of personal information, enablement of data subject rights and safeguarding of personal information.
Responsible parties are required to respond promptly when there is an interference with data subject rights and notify the Information Regulator and data subjects. Information officers should ensure they are properly prepared to identify interferences and have established processes to communicate with data subjects.
A wide range of expert-led POPIA courses are presented regularly at public and in-house online events covering many aspects of the protection of personal information. Courses are aimed at various staff categories and designed to be relevant to specific functional areas.
Internal awareness sessions that address the Protection of Personal Information Act, related regulations and guidance notes issued by the Information Regulator are a requirement of Regulation 4(1)(e). An online elearning management system is a cost-efficient way for information officers to ensure adequate awareness has been created!
Websites often process the personal information of visitors. POPIA has introduced a number of obligations that must be adhered to when personal information is collected and processed. These obligations include notifying the visitor of the purpose/s for collecting personal information. Non-compliance with these requirements may have serious consequences.
POPIA requires responsible parties to provide service providers with written instructions to ensure that the operator which processes personal information for the responsible party establishes and maintains the security measures. Before finalising the instructions it will be necessary for the responsible party to complete a personal information impact assessment in order to correctly identify the required measures to safeguard personal information.
POPIA is technical and complex. There are numerous requirements that everyone who processes personal information must fulfil.
Addressing these requirements is often challenging. Extensive assistance is available from POPIA experts who participated in drafting the legislation. They have an in-depth understanding of all aspects of the legislation and have developed a wide range of solutions to assist.
Sometimes there is concern about a process, system or product's compliance with the conditions for lawful processing of personal information. When the consequences of non-compliance are significant, it will help to obtain independent assurance that the requirements of POPIA have been fulfilled. POPIA certification based on established criteria will provide that confidence.