POPIA
DIY
WEEK 8:
Granting access to information
If you regularly receive these kind of requests you may already have a process to deal with them, but let’s review it and make sure that your process is working well.
This week we’re looking at your process for responding to patients’ requests for access to their PI.
Data subject participation is one of the conditions for the lawful processing of PI. Remember, a data subject is anyone with PI.
The condition has two parts:
- Data subjects have the right to request access to their PI.
- Data subjects have the right to ask that you correct, reduce, or delete their records.
If you have a Promotion of Access to Information Act (PAIA) manual you would have addressed this issue already.
If you don’t have a PAIA manual yet, now is a great time to draft one – since you’re thinking about access to information anyway. Just check whether a PAIA manual is a requirement for your business.
Either way – you need a process in place for dealing with requests for PI.
Give your POPIA Pro a call if you need more information about PAIA manuals.
Remember to add to your GAPS list if you don’t have a documented process or a PAIA manual.
WHAT DO YOU DO WHEN YOU RECEIVE A REQUEST FOR ACCESS ?
Follow the easy steps set out in this infographic.
IMPLEMENT THE PROCESS
Document the process and train your staff to handle these requests. Create a public facing process to include in your privacy notice – you have to tell data subjects how they can place these requests.
Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.