Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPIA)

Access to information or records and the protection of certain types of information or records in South Africa are mainly regulated by the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPIA).

The POPI Act is South Africa's equivalent to the European Union General Data Protection Regulation (EU GDPR). The Act sets a number of conditions for organizations to lawfully process the personal information of data subjects (both juristic and natural persons).

The POPI Act has the biggest impact on organizations that process loads of information, especially personal information, account numbers, children's information, etc. and the most affected industries are healthcare, financial services and marketing. Every business and organisation, irrespective of the nature of their business activity, have in their possession certain information that must be protected for their own interest, which include but is not limited to:

business trade secrets

personal information of other entities or individuals, such as employees, clients, customers, etc.

Failure to comply with legislations around the protection of this sorts of information could have far-reaching criminal and civil implications for the organisation's head and directors. Businesses are then compelled by law to compile, submit and streamline certain documents to regulators on a regular basis.

Alignment across the total spectrum of organizations business process is therefore essential for businesses and organisations to survive in an ever-growing and regulated technologically advanced and challenging environment. Policies frameworks developed in terms of the PAIA and POPI are very important legal documents and require specialized attention to withstand future legal scrutiny and fully protect the business or organization. These documents form the foundation of information compliance, while the synergy and alignment of all documents form the cornerstone of protection.

It is for these reasons that iMbobo App NPC has taken initiatives to compile and update information manuals as required by PAIA Section 51 for private entities, and also updated its organizational policies to fully comply with procedures as required by POPI by setting up an Information Security Management System (ISMS) and associated policies where the physical information and cybersecurity risks of our organization are identified and managed to maintain the confidentiality, integrity and legitimate availability of data.

For our business or organization to be fully information compliant, we had to assess all of the following:

Agreements

Employment contracts and policies

Corporate governance documents and structures

Our Enterprise Software Platforms

Contact Records Management Division

Please, feel free to contact our records manager at the following address as well:

information.officer@imbobo.org.za