POPIA is here! Time to get compliant
In amongst all that’s already happening in and around the country, on the 22 of June, the Presidency announced that the POPI commencement date is 1 July 2020, which makes the deadline for organisations to comply 1 July 2021.
What is the POPIA?
POPIA is a piece of legislation designed to protect the personal information of both individuals and businesses which is processed by both private and public bodies. It has its origins in Section 14 of the Constitution of the Republic of South Africa (Act No. 108 of 1996), which governs our rights to privacy.
Where does ATG fit in?
ATG devices replace the non-compliant paper logbook and digitally captures certain personal information by scanning your documents, licences, etc. ATG Digital takes the protection of personal data very seriously and has recently completed a comprehensive data protection program in order to align with the International GDPR legislation which is already in effect, as well as pre-emptively aligning with the South African POPI Act.
Under POPIA and GDPR, ATG is considered an OPERATOR as it facilitates the collection of information from the data subject at sites owned/rented/managed/secured by our clients. Our client, as the defined Responsible Party, is the sole owner of the information collected via ATG Devices and will have additional Privacy Policies in place to safeguard this information and the way they use/access it.
What makes ATG POPI compliant?
1. All information scanned by our devices is encrypted and immediately uploaded to secure cloud
storage. The information cannot be viewed or retrieved on the device thereafter.
2. The information that has been captured can only be accessed by:
Authorized personnel of the responsible party for their purposes
Authorized personnel of ATG at the request of the responsible party; by an officer of the law; or by the data subject in accordance with the Act.
3. In order to ensure the safety of all the information that we gather on behalf of responsible
Passwords are required by both the responsible party, as well as by all duly authorized ATG personnel.
All staff are carefully screened before employment and sign a Non-Disclosure Agreement as part of their employment contract.
Access to customer data is monitored via software installed on personnel PC’s and any suspicious activity is flagged and immediately actioned.
4. Information is subject to no further processing by ATG: we are morally, contractually and legally
bound not to access any data for our own purposes, nor to share data with any third party.
Third parties include but are not limited to marketing agencies and their affiliates; other clients;
employees; the general public.
5. ATG will retain your personal data for no longer than it is authorized by POPIA.
For organizations, the enactment will mean a fair amount of time, money and effort to become aligned with the legislation. For data subjects like you and me, the enactment will hopefully bring some piece of mind that our personal information is being adequately safeguarded.
“If you think compliance is expensive, try non-compliance”
If you have any questions regarding ATG’s Data Privacy Policies or Procedures, or would like to learn more about how we can help you become POPI compliant, feel free to get in touch!
010 500 8611