Not another POPIA white paper: 10 years, 10 lessons
It has been a decade since talk of the Protection of Personal Information Act started. Ten. Years. And finally we have an effective date. It is 1 July 2020. That’s right; it means that we have until 30 June 2021 to become compliant. We’ve been talking about it for so [...]
How to start your POPIA compliance project during lockdown
It’s week 5 000 of the national lockdown, so we reckon everyone will appreciate a change of focus (since we can’t change the scenery). From what we can tell, most people’s pace during lockdown is either crazy-busy or bored-to-tears. So, for those of you leaning towards the bored spectrum, here [...]
Are you mature enough for POPIA?
Many of our projects begin with a similar story from new clients, ‘We made our first attempt to become POPIA compliant in 2015, but nothing changed. We asked ABC to help us in 2017 and we wrote 1000 policies and sent the whole company on training, but we are no [...]
Life or privacy: do we really have to choose? A reading list.
My recent talk at the IAPP CapeTown/Johannesburg KnowledgeNet was around privacy, ethics and trust in the time of COVID-19. Here is some additional reading. 1. I feel like I am stuck in a movie ‘We're working very hard to find out where this virus came from. To treat it and [...]
It’s time to put on your own oxygen mask
We all know the announcement at the beginning of a flight (remember those?): ‘In the event of a loss of cabin pressure, an oxygen mask will automatically drop from the ceiling. To start the flow of oxygen, pull the mask towards you. Place it firmly over your nose and mouth, [...]
POPIA is coming, look busy.
Why the face? The Information Regulator asked the President to announce 1 April 2020 as the commencement date for the Protection of Personal Information Act (POPIA). 1 April is also an auspicious date widely known as April Fools Day. It is lesser known as Sourdough Bread Day. On 1 April [...]
Write policies that matter
We *heart* policies. Done well they can increase efficiency, improve teamwork, establish culture and protect everybody. Check out how we approach policies. Disclaimer: these slides are not for box tickers. And no, we don't have templates - one size fits all fits no one.
Does data minimisation spark joy?
The minimality requirement The requirement of minimality is one of the conditions for processing personal information in the Protection of Personal Information Act (POPIA). The POPIA provides that personal information can only be processed ”if, given the purpose for which it is processed, it is adequate, relevant and not excessive”. [...]
Hacks, leaks and breaches: the critical need for data privacy and regulation
Elizabeth sat down with Red And Yellow Creative School of Business to chat about all things POPI vs GDPR and data privacy in the South African context. Fortunately for us, they caught it all on camera. Enjoy. https://youtu.be/p9NIVd4WF8g
Hacking data breaches: We need a new breed of compliance officer
R58.4 million. This is the average cost of a data breach today according to IBM. It is no surprise then that cyber resilience is top of mind for CEOs the world over. But what does this mean for compliance officers? What should we be doing to address data breaches? And [...]
Why your legal and compliance teams need a #complianoscopy
Hardly a day goes by that clients don’t ask for recommendations on what new legal or regulatory technology to get to help their in-house legal or compliance teams perform better. The frequency of the question is not surprising – legal- and regtech is the hottest ticket in town. Investment in [...]
Direct marketing and the dreaded consent
Everywhere we go, we are asked the same questions. Do we really have to use the terrible, horrible, no good, very bad form 4, to get consent for direct marketing when the POPIA comes into effect? And do we then really have to get consent again from our current database? To answer [...]