The Protection of Personal Information Act (“the Act”) has now been commenced, which simply means that the entire Act is now valid and everyone has until 30 June 2021 to become compliant. The Act applies to all businesses in South Africa.
To make it easier to implement, we have developed a so-called privacy pack. This is a set of documents which you would have drafted and use within your organisation, which would give you a minimal compliance with the Act. This is the easiest manner to ensure that you have a defensible position should the Information Regulator ever question your compliance with the Act. The privacy packs are broken down into segments so that at the top you have the most critical documents in sections 2 and 3 and then lower level criticality documents in section 4. Section 5 is for reference purposes at this stage as it is better achieved on a case by case basis according to the actual contracts used within your business.
This approach enables organisations to budget and do a piecemeal implementation whilst still keeping track of where they are in the process. Please see this set out below.
1/ General: FREE
- GDPR and POPIA summary setting out an explanation of the similarities (and differences) between POPIA and the GDPR.
2/ Data Privacy Policies and Agreements: R20 000 ex VAT to include documents like
- Privacy Policy;
- PAIA manual compliant with POPIA;
- POPIA compliant NDA.
3/ Data Security Policies: R20 000 ex VAT to include various documents related to organisational and technical measures required to be implement in terms of POPIA as both responsible party and operator, for example
- Document retention;
- Use of company email and IT infrastructure;
- BYOD;
- Data encryption.
4/ Guides: R15 000 ex VAT explaining the various responsibilities your organisation has in terms of POPIA and to assist with internal training on an ongoing basis, for example:
- Duties of Information Officer;
- Guide to Consent for marketing;
- Personal Information Processing Impact Assessment;
- Simple assessment tool.
5/ Clauses: To be billed based on our standard hourly rate ex VAT
- Employment contract;
- Supplier agreements;
- Operator/service provider agreements; and
- Data security clauses or addendum where relevant depending on the nature and extent of processing of personal information by a third party on your behalf.
If you would like us to provide you with a quote, please contact our Data Privacy Law specialist consultant, Sián Fields, via sian@reynoldsattorneys.co.za.