Ovations Group - Introducing the Protection of Personal Information (PoPI) act and achieving compliance

DESCRIPTION

Ovations Group is ideally positioned to help South African companies implement processes and best practices to ensure compliance with the Protection of Personal Information (PoPI) act. This presentation outlines the fundamentals of the act and explains how the Ovations Group can assist companies in avoiding the pitfalls PoPI presents.

OVERVIEW

OUR APPROACH

OUR OFFERINGS

CONCLUSION

DO YOUR POLICIES AND PROCEDURES ENABLE DATA PRIVACY?

DID YOU KNOW: THE PROTECTION OF PERSONAL INFORMATION (POPI) ACT WILL HAVE AN IMPACT ON ALMOST EVERY COMPANY OPERATING IN SA?

THE POPI ACT WILL ESTABLISH A CODE OF CONDUCT FOR CONFIDENTIAL HANDLING OF PERSONAL INFORMATION

CONDITIONS FOR LAWFUL PROCESSING OF PERSONAL INFORMATION

Collection of data

Processing limitations

Retention of data

Deletion of information

Data security

Data subject participation

Notification

COLLECTION OF DATA

Information must be collected directly from the individual

Exceptions:
– Public records
– Consent given to a third party
– Law enforcement

The person must be aware of the purpose for collecting their personal information and give consent

There is additional consent needed to store and process data outside of South Africa

PROCESSING LIMITATIONS

Businesses are not permitted to process personal information of children under 18

Unless specifically permitted, you are NOT ALLOWED to process information about…

Religious or philosophical beliefs

Trade union membership or political opinions

Health, sexual life or biometric details

Race or ethnic origin

Criminal Behaviour

RETENTION OF DATA

Information must NOT be kept any longer than is necessary for processing

DELETION OF INFORMATION

Data must be destroyed as soon as possible

It must be impossible for data to ever be recovered or reconstructed

DATA SECURITY

Technical and organisational security measures to prevent data loss or damage, or unlawful access to personal information are essential.

DATA SUBJECT PARTICIPATION

A person must be able to:

Find who has their data

Request a copy of all personal information held by an organisation

Request amendments or deletion of their data, and receive proof this has been done

ENFORCEMENT

Official complaint process

Punishment up to 10 years imprisonment and/or fine up to R10 million

Civil action may also be taken

OUR APPROACH

We can help you define a strategy and roadmap to become compliant with the POPI Act.

We provide a complete and holistic execution that interweaves the key areas of PEOPLE, PROCESSES and TECHNOLOGY

PROCESS DIAGRAM

Our transformational approach focusing on enablement of people, process and technology.

INSIGHT
TRANSFORMATION
ROADMAP
ENABLEMENT

• People understanding
• Skills and capacity
• Process capability
• Technology availability and capability

Design the business response to ensure effective and efficient compliance

Prioritised investment route map based on business and IT considerations in support of defined architecture

Current state

POPI vision and strategy

People education
Process compliance
Technology capability

Status of Enablement

Business and compliance risks

Business and risk considerations

Costs and time considerations

Business architecture

Information systems architecture

Technology architecture

People enablement

OUR OFFERINGS

STRATEGY

POPI Strategy and Implementation Roadmap

Business case development

TRAINING AND EDUCATION

POPI Act and Implications customised for implemented solutions

CHANGE & COMMUNICATION

Strategy & Planning

Development & execution of awareness campaigns

DATA

Data Audits, Security & Management

PROCESS & CONTENT

Process Solution Design & Automation

Records Management assessment, design & enablement

Security policy enablement

Content archival solutions

Content Governance

Document destruction services    

CONCLUSION

Ovations is equipped to transform your business to comply with the Protection of Personal Information Act.

LET US HELP YOU BECOME COMPLIANT