Protecting personal information in accordance with the Act requires a diverse set of skills and experience. With over twenty years' experience in the protection of personal information in Europe, the IT Governance Network is unique in the breadth and depth of its practical knowledge and experience. A number of its staff attended the Parliamentary meetings at which the Protection of Personal Information Bill was drafted, and they made six submissions, some of which are reflected in the finalised Act.

The IT Governance Network is able to assist a wide range of clients, across all industries, to fulfil the requirements for lawful processing of personal information. Its practical, legal, business and information processing services enable clients to overcome the many challenges of the privacy legislation in a pragmatic way. Its software solutions, used in Europe, are available in South Africa too.

Key POPIA services:

  • Executive awareness about the obligations of responsible parties
  • Identification of personal information assets and business impact of privacy concerns
  • Legal and technical privacy threat and vulnerability analysis
  • PAIA manual preparation and update
  • Comprehensive IT legal register and update service
  • Evaluation of technical and organisational measures
  • Selection and implementation of privacy safeguards
  • Contracts with service providers
  • Service provider verification
  • Privacy by design
  • Privacy training and consulting services
  • Privacy programme management.


Available POPIA Software Solutions:

GOVERN THE POPIA COMPLIANCE FRAMEWORK

Accountability

  • System to assign governance, management and operational data protection tasks to persons responsible across the enterprise, processors and sub-contractors; to set priorities, implement strategy and use dashboards to track progress.

Context and interested parties

  • Establish the context and expectations of interested parties.

Obligations and guidance

  • Record data protection obligations and update a knowledge base with regulatory guidance.

Objectives, scope and policy

  • System to determine the data protection objectives, the scope and planning, and the policies for using and protecting personal data.


PLAN THE POPIA COMPLIANCE FRAMEWORK

Inventories of processing

System to establish inventories and record:

  • details of personal data used at all locations
  • data transfers
  • outsourced processing and processes
  • sources and status of consent records
  • data protection processes and safeguards.


Registers and libraries

System to record:

  • IT legal compliance obligations
  • contracts with processors and sub-contractors
  • data sharing templates and agreements
  • criteria for prior authorisation and consultation
  • legal, technical and organisational vulnerabilities
  • policies and operational practices
  • options for privacy by design and default
  • risk treatment options
  • risks and delegated risk owners
  • internal controls and protections to counter risks
  • audit programme templates.


Data protection impact assessments

System to conduct, record and maintain data protection impact assessments; develop privacy plans.


DEVELOP THE POPIA COMPLIANCE FRAMEWORK

Involve the information officer

  • Properly involve the information officer and others in the data protection activities.


Orchestrate and track POPIA related work

  • Assign operational tasks, implement and operate safeguards to treat risks and log performance.


Communicate the processing of personal data

  • Inform the information regulator and data subjects.

IMPLEMENT THE POPIA COMPLIANCE FRAMEWORK

Consent management

  • Maintain granular records and track consent received from and withdrawn by data subjects.


Case management (handle data subject requests)

  • Respond to information requests and complaints. Notify data subjects of interferences and breaches.


Operate technical and organisational measures

  • Manage measures, the information life-cycle, lawful processing of personal data, changes in processing risk.


Incident Management

  • Respond to incidents, track actions through to closure.


MONITOR THE POPIA COMPLIANCE FRAMEWORK

Demonstrate compliance with POPIA

  • Manage a central repository of artefacts, event logs and audit trails to demonstrate compliance.


Evaluate the protection of operational systems

  • Audit the technical and organisational measures.


Assess compliance with the POPIA

  • Audit compliance of system functions with the POPIA.


Monitor processor (vendor) processing and guarantees

  • Audit the status of processor compliance.


Validate processor (vendor) assertions

  • Audit the operator assertions of compliance.


REACT TO NON-CONFORMANCE WITH THE POPIA COMPLIANCE FRAMEWORK

React to non-conformity and take corrective action

  • Plan, organise, direct and control the actions taken in response to non-conformance.


Continually improve suitability and adequacy

  • Create status and progress governance dashboards, and management and operational reports.


Communicate benefits realised

  • Summarise and report progress with improvements in the protection of personal data and increases in respect for data subjects’ rights.


Available Downloads:

  • King III and the protection of personal information
  • POPI and Big Data
  • POPI and Information Security
  • POPI and Responsible Parties
  • POPI and the PAIA Manual
  • POPI and Conditions for Processing Personal Information
  • POPI and the Information Officer
  • POPI and Contracts with Operators
  • POPI: Role of Information Officer in System Development
  • POPI and the Impact on Cloud Computing
  • POPI and the Impact on Healthcare Catering
