Understanding POPI Act & Its Implications for Internal Auditors


Explore the impact of the Protection of Personal Information (POPI) Act on the role of internal auditors. Learn about the background, importance, and compliance requirements of the POPI Act in South Africa.

  • POPI Act
  • Internal Auditors
  • Data Protection
  • Compliance
  • Information Security


Presentation Transcript


  1. The impact of Protection of Personal Information (POPI) Act on the Role of Internal Auditors @ Audit and Risk Indaba 2017 By: Ms Peterlia Ramutsheli (072 957 2978)

  2. Who is Bono Skills Development? PSETA and LGSETA Accredited Training Provider; Formal Classroom Training; On-the-job Training

  3. Table of Content: 1. What is POPI Act? 2. POPI Act Background 3. What is personal information? 4. Why is POPI Act important? 5. Areas affected by POPI Act 6. Risks facing organisations if there is non-compliance with POPI Act 7. How are Internal Auditors impacted? 8. A road to becoming POPI Compliant

  4. What is POPI Act? The POPI Act is South Africa's primary legislation dealing with the processing of personal information. The POPI Act was signed into law by the President of South Africa on 19 November 2013.

  5. POPI Act Background: The right to privacy, as enshrined in Section 14 of the Constitution of the Republic of South Africa, must be respected or adhered to at all times. The right to privacy is a fundamental human right in the constitution. Therefore, the use of personal information must be done lawfully and must not infringe the individual's right to privacy.

  6. POPI Act Background The President has appointed Adv Ntlakula to be the Information Regulator and she commenced duty on 01 December 2016. Her mandate will be to monitor compliance with the requirements of the POPI Act.

  7. POPI Act Background: Organisations will have only 1 year to get their processes and systems aligned with the conditions of the POPI Act. Therefore, organisations need to start the process of converting their processes and systems NOW in preparation for compliance with the requirements of the POPI Act.

  8. What is Personal Information? Personal information means information relating to an identifiable, living natural person and, where applicable, an existing juristic person, including, but not limited to: Trade union, Race, Physical Address, Disability, Criminal, Gender, Name, Religion, Marital Status, Contact Details, Financial, Political Persuasion, Age, Personal Opinions, Biometric information, Employment History, Medical, Education.

  9. Why is POPI Act important? (1) Economic Benefit: South Africa has many bilateral and multi-lateral agreements with various countries which are good for growing our economy. However, some countries do not want to associate themselves with countries which do not have adequate data protection laws in place; hence South Africa had to align itself, through the POPI Act, with international data protection best practices such as the European Union (EU) Data Protection Directive.

  10. Why is POPI Act important? (2) Protect People's Constitutional Right to Privacy: South Africans are going through excessive abuse and harassment in the form of SMSes, emails and calls selling various goods and services without their consent. Fraudsters steal/fake people's documents and execute financial transactions. The sad part is that employers become part of this crime by confirming employment without the relevant employees' knowledge/consent.

  11. Why was POPI Act introduced? POPI Act says that as organisations use the personal information of their data subjects to do their normal business, they should not abuse or use such personal information unlawfully to infringe their privacy. POPI Act seeks to balance the legitimate needs of the organisations with the constitutional right to privacy of individuals whose information is being used by those organisations.

  12. Areas affected by POPI Act

  13. Risks facing organisations if there is non-compliance with POPI Act: If organisations fail to comply with the POPI requirements, this may give rise to serious risks such as: Administrative fines such as those prescribed by the POPI Act, i.e. up to R10 million fines and/or up to 10 years' imprisonment for responsible officials.

  14. Risks facing organisations if there is non-compliance with POPI Act: Failure to attract new donors or withdrawals by the current ones; Retaliation by affected Data Subjects using available internet consumer sites and social media; Reputational harm to the organisation.

  15. How are Internal Auditors impacted? POPI conditions introduce new ways in which organisations should collect, share, store, archive, retain and destroy the personal information of their Data Subjects, and this poses a new category of risks called personal information protection risks. Therefore, Internal Auditors, as the Business Advisors, should advise organisations to amend their processes and systems to align with the conditions of the POPI Act for the above risks to be mitigated.

  16. How are Internal Auditors impacted? But how should Internal Auditors provide this advice to the organisation's Management???

  17. How are Internal Auditors impacted? Internal Auditors should advise Management through: Identifying the personal information protection risks during the planning of their audits; Incorporating the audit procedures which will test POPI compliance conditions; Making relevant recommendations which will enable organisations to move towards being POPI Compliant.

  18. How are Internal Auditors impacted? To advise Management adequately and effectively, Internal Auditors will need to have a detailed knowledge of: The conditions of the POPI Act and what they mean to the organisation's operations; What approaches from start to end should be applied by the organisation to convert its processes and systems to align fully with the conditions of the Act.

  19. How are Internal Auditors impacted? This knowledge will enable YOU to make informed and correct recommendations in your audit reports and above all it will help you to remain RELEVANT within the organisation

  20. A road to becoming POPI Compliant? To be POPI Compliant, an organisation would need to: 1. Make all employees aware of the conditions and requirements of the POPI Act through Awareness and Training, as this will enhance compliance. 2. Internal Audit Department to conduct a POPI Readiness Review to identify the organisation's current state of compliance with the Act and know which areas require attention.

  21. A road to becoming POPI Compliant? 3. Develop a POPI Implementation Plan based on the action plans highlighted in the POPI Readiness Review Report. 4. Implement the action plans outlined in the POPI Implementation Plan to move the organisation into being fully POPI Compliant, i.e. convert processes and systems to comply with the POPI Act.

  22. A road to becoming POPI Compliant? Bono Skills Development specializes in rendering all the services described under paragraph 1-4 above. We provide customized training which would assist your organisation to have a detailed knowledge of: The conditions and requirements of the POPI Act and how they affect the organisation's operations; What process should be followed by the organisation from start to end to implement the conditions of the POPI Act.

  23. Our customised training is delivered through 3 PHASES: Develop and Deliver Suitable Training Course; Conduct Needs Analysis; Conduct Training Impact Assessment

  24. In Conclusion: Protection of personal information isn't a choice. It is the law and we are all affected.

  25. Appreciation: Thank You For Listening, For Your Time
