POPIA: Role of Responsible Parties

Responsible parties – those individuals who, alone or in conjunction with others, determine the purpose of and means for processing personal information – are required by the POPI Act to ensure compliance with the conditions for lawful processing of personal information, and the measures that give effect to these conditions.

The Protection of Personal Information Act requires accountability for any processing of personal information. Heads of public bodies, CEOs of private bodies and the business leaders identified as “responsible parties” who control the purpose and means for processing information are required to ensure compliance with the conditions for the lawful processing of personal information set out in the Act.

Business leaders and responsible parties who fail to fulfil their obligations defined in this Act may be charged personally with a criminal offence and face civil claims for damages.

It is the responsibility of the “Responsible Parties” identified by the CEO and listed in the PAIA to ensure that personal information is processed lawfully and in a reasonable manner that does not infringe the constitutional rights of individuals to privacy.

SEMINAR OBJECTIVES

Participants will gain a general understanding of the legal obligations placed on “Responsible Parties”. On completion of this seminar, participants will be able to:

  • Articulate the requirements of the Protection of Personal Information Act
  • Demonstrate an understanding of the conditions for the lawful processing of personal information
  • Describe the role, responsibilities and legal obligations of the responsible parties
  • Describe the roles and the responsibilities of the other parties concerned with the processing of personal information
  • Identify the effort required to meet the requirements of the Protection of Personal Information Act and to fulfil the conditions for lawful processing of personal information contained therein.

 

SEMINAR OUTLINE

Participants will learn through discussion and practical examples how to address the obligations placed on responsible parties by the Protection of Personal Information Act.

This seminar includes topics about:

  • Recording details about Responsible Parties in the PAIA Manual
  • The duties of the Responsible Party
  • Implications of the Companies Act 2008
  • How to differentiate between personal and other data
  • The preparations required prior to updating the PAIA information manual about the processing of personal information
  • Mitigating risks
  • Documentation to be prepared prior to the processing of personal information
  • Processing details to be maintained in the PAIA manual
  • Communicating with data subjects
  • Implications of the conditions for lawful processing of personal information for business activities
  • Controlling the activities of Operators
  • Prior authorisation
  • Working with the Information Regulator
  • Working with the Information Officer
  • The role of Risk Management and Compliance
  • Trans-border exchanges of personal data
  • Consequences of failing to comply
  • Challenges – collection, profiling, cross-marketing, unstructured data, third party processing, secondary use
  • Case studies from industry – local and international
  • An Action Plan to fulfil the obligations of Responsible Parties.