COMPLIANCE SERVICES

We offer POPIA, GDPR and PCI DSS auditing and compliance services.

By adopting the following key accelerators, organisations can fast-track their POPIA implementation:


In partnership with: Brooks
Secure accountability with relevant executives

Accountability is critical for any privacy programme to succeed. It is important for organisations to determine their view of privacy and how they plan to comply with the regulatory requirements. Based on this, agree on a number of key objectives that can be further developed into a strategy and framework to drive the implementation project.


Allocate the Privacy Officer role

By default, the head of the organisation is the Privacy Officer. However, POPIA allows this role to be delegated. Decide now who will be responsible: will it be the Compliance Officer, the Head of Risk or somebody else in the organisation? Take this individual on the journey from the start.


Follow a risk-based approach

Many POPIA programmes have been derailed by teams trying to implement the requirements of POPIA without considering their unique business context. A risk-based approach to POPIA compliance, agreed with the Board or Steering Committee, keeps the focus on prioritising the most important POPIA compliance requirements first.


Integrate with existing compliance structures

POPIA is a compliance requirement, and much effort can be saved by integrating it into existing compliance structures and processes, such as compliance management, risk management, internal audit, and audit and risk committee reporting. Without an appropriate compliance process in place, it may be challenging for organisations to drive POPIA in isolation.


Align with other initiatives

It is important to coordinate your POPIA initiatives with related initiatives within your organisation, particularly in areas such as cybersecurity, data classification and PCI compliance, to avoid unnecessary duplication of effort and to ensure alignment with business objectives.


Drive behavioural change through training and awareness

Change management is a critical part of embedding privacy into the culture of the organisation. Through training and awareness, the organisation's culture can embrace change in how data is handled, which in turn results in changed behaviours.


Get help outside the organisation

Develop a risk-based and prioritised implementation plan. Look inside for skills, but where your organisation lacks them, reach out for assistance from professionals, such as multi-disciplinary teams of privacy, legal, data, advisory and cyber security specialists.


How can we help?

We have advised and assisted many organisations, from small enterprises to large corporates, in their POPIA compliance journeys. Based on our experience in providing privacy advisory, legal and cyber security services to our clients, we have defined a holistic framework for the management of privacy risk. It is designed to let organisations leverage good practices that can be tailored to each organisation's unique privacy vision and risk exposure.

Privacy training

Training is an important aspect of your POPIA compliance journey. The likelihood of complying with the requirements of POPIA is very slim if the individuals in your organisation do not understand the legislation and the role they need to fulfil to ensure that the purpose of POPIA is carried out appropriately. We provide training at two levels: for executives (owners and directors of an organisation) and for employees (including management). Training covers aspects such as the purpose of POPIA, insight into the key sections of POPIA, and training specific to the organisation's POPIA policy standards.

Who does it impact?

POPIA impacts all South African organisations, both public and private, that collect, create, use, store, share or destroy personal information.

What happens if I do not comply?

Non-compliance with POPIA can have serious repercussions for organisations, their employees and their customers.

Impact on the organisation
  • Financial penalties
  • Criminal sanctions
  • Loss of revenue resulting from negative press and a damaged reputation
  • Loss of customer trust

Impact on employees
  • Disciplinary action and dismissal
  • Misuse of personal data
  • Private or confidential data being published

Key questions you should be asking:

  • Where do I start?
  • How can I prioritise my implementation activities to comply with POPIA?
  • What is the impact of POPIA on my organisation?
  • What data do I process and why?
  • Where is data stored?
  • Who do I share data with and why?
  • Is my data secure?
  • How do I maximise the value of my data in a legally compliant way?
  • Is my organisation affected by other privacy laws in countries I operate out of?