To get practical POPIA compliancy takes a team. These are our top tips for a successful compliancy plan.
Choose a compliancy program that is right for your business and involve service providers from the start
There are many POPIA compliancy programs that are available via subscription or other methods. These are from either legal, compliancy or learning institutions. While some programs offer a full range of legal services, others offer learning modules that offer limited practical assistance (companies on a budget might opt for the latter). Whichever you choose, make sure that you involve your IT company and software providers early. If providers offer service-specific compliancy talks, consider hiring them for a day. You need their expertise to inform your company’s policies and to implement your specific compliancy plan. If you are in the market for a new provider (you may be looking into a new CRM program for your business) opt for those that are already compliant to avoid multiple software updates over the next few months.
Share information with staff on a regular basis
No POPIA compliancy plan will succeed if the people who must ensure compliancy are not aware of the scope of their role. Share information with your staff regularly and make sure they understand why they are performing tasks in a certain way.
Make sure that operators are compliant
Make sure that you as the responsible party has operator contracts in place. Visit the premise of operators to ensure that they are truthful about how they process information and keep it safe.
Write policies that make sense
Internal company policies should be, as far as possible, written in plain language. Policies should also reflect and guide actual daily tasks. If a policy does not take into account the practical reasons for staff performing tasks a certain way, it will make it harder for them to follow it.
Involve a marketing specialist
If your company advertises its products or services online, consider a consultation with a marketing specialist who is up to speed with POPIA. Online marketers will be able to advise you on how you may within the guidelines of the Act practically collect information from clients via social media and other platforms.
Your POPIA complaincy plan needs you
There are many POPIA programs that will assist you to understand your obligations under the Act. However, compliancy takes a team, and you are part of that team. Be involved in developing new policies and procedures. No one knows your business better than you do.