Description of the POPI Act Overview Course
This course provides delegates with an overview of the new Protection of Personal Information legislation and the significant obligations placed on those business leaders identified as the “responsible parties” and “information officers”. All public and private bodies will be affected by the requirements of this legislation. Various technical and organisational arrangements will be necessary.
The collection of personal information must be for a specifically defined, lawful purpose related to a function of the responsible party. The processing of data must be for a legitimate purpose. Data subjects must be aware of the collection of the data. Adequate business controls are required to maintain data integrity, and information security must meet international standards. Data must be retained only for as long as necessary, and then it must be destroyed.
Participants will obtain an overview of the Protection of Personal Information Act and its implications. On completion of this seminar, participants will be able to:
- Articulate the requirements of the Protection of Personal Information Act
- Demonstrate an understanding of the conditions for the lawful processing of personal information
- Identify the technical and organisational measures necessary for protecting personal information
- Describe the various roles and the responsibilities of the personnel who should be concerned about the protection of personal information
- Identify the effort required to meet the requirements of the Protection of Personal Information Act and the conditions for the lawful processing of personal information contained therein.
Participants will learn through discussion and practical examples how to address the organisational, procedural, technical and legal requirements for the Protection of Personal Information.
This seminar includes topics about:
- Overview of the legislation for the Protection of Personal Information
- The duties of the Responsible Party and Information Officer
- The role of Risk Management and Compliance
- Working with the Regulator
- Communicating with data subjects
- The eight conditions for the lawful processing of personal information
- How to differentiate between personal and other data
- How to update the PAIA manual and what records to keep about the processing of personal information
- Identifying and mitigating privacy-related risks
- Identifying the organisational and technical arrangements necessary for the protection of personal information
- Controlling the activities of Operators
- Trans-border exchanges of personal data
- Building organisational capability to manage Privacy
- Challenges arising from collection, profiling, cross-marketing, unstructured data, third-party processing and secondary use.