DO YOU USE OPERATORS?
Let’s return to your workbook and the Customer PI and HR PI tabs. Try to complete all the fields, especially the column dedicated to third parties who have access to your PI.
And just like that you have your list of operators.
YOU NEED CONTRACTS
The POPIA says you must conclude written agreements with your operators with certain obligations. In terms of these agreements the operators must
- establish and maintain adequate security measures – like those we discussed over the last few weeks,
- ensure their compliance with the POPIA,
- immediately notify you if the POPIA’s requirements are breached – such as a security breach,
- ensure the confidentiality of the PI, and
- not process the PI without the knowledge or authorisation of the responsible party.
Follow these easy steps to get your operator contracts in place.
Remember that you must tell your customers what type of operators you use to process their PI in your privacy notice. For example, if you share their contact details with your accountant.