From CompliNEWS | Financial Service Intelligence Watch
Understanding the Protection of Personal Information Act (POPIA) requires a critical analysis of potential compliance gaps, so that an organisation can accurately identify and measure the areas of its business operations that fall short of the requirements set out in the Act. To achieve this, organisations must develop a clear understanding of the Personal Information Impact Assessment (PIIA) process, reports cms-lawnow.com.
The PIIA is a mechanism by which organisations can measure compliance with the Act, and it can be a catalyst for the successful integration of POPIA’s requirements into an organisation’s operations. The process entails measuring an organisation’s existing controls for the management of personal information against the lawful processing conditions set out in the Act. By implementing the PIIA process, organisations can distinguish (with some accuracy) between the various classes of information set out in the Act, i.e. special personal information, personal information subject to the exclusions set out in the Act, etc. Where applicable, PIIA processes are also designed to identify classes of information subject to the consent requirements set out in POPIA, e.g. the processing of a minor’s personal information.