POPIA – Protection of Personal Information Act

Assess your IT infrastructure for compliance gaps and adhere to POPIA recommendations with SharkStriker’s professional compliance management services.

SPEAK WITH AN EXPERT
OVERVIEW

Understanding
POPI Act

For the protection of citizen’s personal information, the South African government enacted the Protection of Personal Information (PoPI) Act in 2020.

It was enforced in 2021, requiring organizations to protect information and configure ISMS as per POPIA recommendations. It states punishment for non-compliance. The maximum fine that can be levied is up to R10 million, with prison time for extreme cases. See how SharkStriker helps organizations become POPIA compliant.

APPLICABILITY

On whom does POPIA compliance apply?

It is applicable to all the large, medium and small public and private organizations that are based ion or outside South Africa who deal with the personal information of South Africans.

BENEFITS

What are the benefits of being POPIA compliant?

  • Improves the overall cybersecurity posture
  • Provides comprehensive guidance to secure sensitive information
  • Enhances information security
  • Secures from reputational loss
  • Saves from the costs of non-compliance
  • Secures organizations from operational disruptions due to cyber incidents
  • Guides for security against third party security risks
  • Enhances reputation among clients
REQUIREMENTS

POPIA requirements

Some of the primary cybersecurity requirements of the POPIA include:

Section 19

Security safeguards for integrity and confidentiality of personal information.

19
Section 20

Information processed by operator or person acting under authority.

20
Section 21

Security measures regarding information processed by operator.

21
Section 22

Notification of security compromises 

22
APPROACH

Here is how we help organizations become POPIA compliant

We engage in a full-blown security assessment of the status quo IT infrastructure and conduct an extensive POPIA compliance gap analysis.

Once we are done assessing the status quo infrastructure of compliance fulfillment, we devise a plan with all the security best practices, policies, procedures, and measures to be taken for complete PoPI compliance. It is the most critical step since it directly impacts which entities will be affected and what will be the methodologies used to ensure compliance.

We engage in the overall improvement of cybersecurity posture, deploying services that utilize cutting-edge solutions such as SIEM that offer all the necessary events and logs for compliance. We safeguard all your information assets and deploy all the necessary technologies specified in POPIA guidelines.

Post implementation, we engage in a head-to-toe audit of an organization’s infrastructure, looking for deviations from the compliance plan.

Through periodical compliance and security assessments, we ensure that the organization is adhering to the latest POPIA requirements and proactively addresses the compliance gaps.

We develop training modules to address awareness gaps across the organization at all levels. We raise awareness of some of the best information security practices that they can individually adopt to secure themselves digitally.

BEST PRACTICES

Some POPIA best practices we help implement

  • Comprehensive POPIA gap analysis and assessment
  • Classification of information based on sensitivity and use
  • Third-party risk management
  • Access control management
  • Information quality management
  • Taking measures for the availability of data and business continuity
  • Defining clear roles and responsibilities for incident response

Get the security and compliance experts to meet your POPIA compliance goals

SPEAK WITH OUR TEAM