Protection of Personal Information Act (POPIA)

Supporting POPIA
Compliance

Boldon James Classifier, the market leading data classification product, supports compliance with the Protection of Personal Information Act (POPIA) by:

Ensuring appropriate control
of confidential or sensitive information

Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements

Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information

Educating users about the sensitivity of data whilst ensuring adherence to corporate policy

Providing critical audit information on classification events to enable remediation activity and demonstrate compliance position to regulatory authorities

Enabling rapid search and data retrieval based on classification labels to support subject access requests

Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management

Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements

Fact Sheet:
The Protection of Personal Information

Brochure:
Corporate
Brochure

About
The Protection of Personal Information Act (POPIA)

The Protection of Personal Information Act 4 of 2013 (POPIA) introduces an overarching regulatory framework for the processing of personal information and was ratified on 19 November 2013. The POPI Act intends to promote the protection of personal information processed by public and private bodies and introduces minimum requirements for the processing of personal information. To date, only certain sections of the POPI act have come into effect, with the remaining sections coming into effect upon proclamation of a commencement date by the President.

The enactment of the POPI Act was intended to stem the tide of free-flowing personal information and offer protection to South Africans seeking to uphold their constitutional rights to privacy and dignity, as well as bringing South Africa on par with those countries which have existing data protection legislation, such as the EU GDPR.

In simple terms, the purpose of the POPI Act is to ensure that all South African institutions conduct themselves in a responsible manner when collecting, processing, storing and sharing another entity’s personal information by holding them accountable should they abuse or compromise your personal information in any way.

It is important for organisations not to become complacent and start getting their data protection practices in order now – determining the risks to be managed, understanding what data needs to be protected and starting to secure it now, and putting resources and policies in place. The best place to start is with data classification – the first step to a truly data-centric approach to protecting personal information

Key Features
Of The POPIA

Maximum fines for non-compliance can be up to R10million and could result in a prison term for those deemed responsible
The Information Regulator has power to issue an Enforcement Notice requiring the organisation to stop processing personal information
POPI provides for the appointment of an Information Regulator (IR), who is responsible for investigating the breach and monitoring and enforcing compliance with POPI as well as the Promotion of Access to Information Act
Disclosure of a breach must be given to the Information Regulator, as well as affected individuals
All organisations, regardless of size or location, must comply with the POPI Act if they hold any personal data on South African citizens
Examples of “personal information” for an individual could include identity and/or passport number, private correspondence, employment history, health information and membership of unions

Why choose
Boldon James

With unrivalled customer service and best-of-breed data protection and governance solutions,
we are helping many of the world’s most successful organisations take control of their business data.
Everyday, our customers enjoy more effective, secure and streamlined operations -
protecting their business critical information and reducing risk.