The Protection of Personal Information Act (POPIA) came into effect on 1 July 2020 with a grace period of one year. The grace period ends as of 1 July 2021, and the reality of the implications of non-compliance is causing many companies to have to respond quickly and get their processing of personal information in order. The good news is that RecruitMyMom can help and becoming POPIA compliant is not an impossible task.
How to hire a POPIA Information Officer?
You can either hire a Deputy Information Officer on contract to do a compliance audit and implement the correct processes, or you can hire someone in a permanent position (either full time or part time) to be the dedicated compliance officer. RecruitMyMom has a number of qualified candidates who are available, simply load a job here.
What does a POPIA Information Officer do?
There are eight identified conditions which must be met in order for a business to be POPIA compliant. The Information Officer must ensure that these conditions are met and that future processes are adhered to.
Here are the eight conditions for lawful data processing:
- Accountability - Appoint a person in the company as the responsible party. This person can be held responsible for non-compliance.
- Processing Limitation - Ensuring that the processing of personal information is done in a fair and lawful manner with consent from the data subject.
- Purpose Specific - Review the reason behind collecting personal information and only collect the data if required for a specific reason.
- Further Processing Limitation - Ensure that personal information is only used for the reason it is intended.
- Information Quality - Reasonable steps must be taken to ensure that personal information is complete, accurate and not misleading.
- Openness - Inform the data subject which information is being collected and how it will be used.
- Security Safeguards - Reasonable technical steps must be taken to ensure minimal risk of loss, unauthorised access, interference, modification, destruction and disclosure of the data.
- Data Subject Participation - The data subject must have some measure of control over processing of personal information. This includes being able to delete their information.
- Find out more about these eight conditions here.
What background or education does an Information Officer need?
It is not a necessary requirement for a POPIA Information Officer to have a specific qualification or experience. Backgrounds including, but not limited to, marketing, HR, law, risk and compliance, business management and information technology are all well suited to the job.
What is necessary is experience in or knowledge of the POPI Act. There are a number of South African institutes that offer courses in POPIA compliance. Someone with GDPR experience (the EU equivalent to POPIA) could qualify using their transferrable know-how. RecruitMyMom has a number of candidates on our database who could help you to implement the eight steps as well as assist your business on a longer term.
Visit RecruitMyMom, South Africa’s award-winning online recruitment agency specialising in skilled part-time and flexible work.