Most local businesses are aware that if they do not meet the compliance requirements of the Protection of Personal Information Act (POPIA), South Africa’s data protection law, before this year’s deadline of 30 June, they could be fined up to 10 million rand (US$700,000) for non-compliance. However, a number of companies, unsure of where to start, simply no longer have enough time to kick-start a six-month legal engagement to rectify this. It is here that First Technology Digital, a future-enabled partner for Digital Transformation, can assist with the introduction of POPICheck, a highly flexible, cloud-based rapid assessment tool that helps organisations gauge their readiness for POPIA compliance.
Gary Finberg, Solution Architect, First Digital, explained that: “Some companies are still under the impression that POPIA compliance will not affect them, but this is not the case. The truth is that consumers now have more rights and protection around their personal information than ever before and organisations are considered to be the responsible parties.
“As a company this would include protecting information about your employees, suppliers, vendors, service providers, business partners, private and public (government) bodies, sole proprietors, traders and juristic persons.”
First Digital’s POPICheck tool, available for download on the Microsoft Azure Marketplace and First Technology’s retail store, Firstshop, helps businesses to easily identify key risks and areas to be addressed to achieve compliance, while also providing prioritised corrective actions. The Pro version of POPICheck includes almost 60 policy and document templates that all organisations need to complete to be compliant.
“POPICheck delivers an easy to follow, yet structured approach based on industry-standard questions. This input makes it possible to measure an organisation’s current compliance status quickly and accurately, and then prescribe the appropriate remediations and associated policy templates required to achieve full compliance,” added Finberg.
The app assesses four critical business areas, namely policy and strategy, lifecycle and process, security, and people. These are aligned with the eight conditions defined in the act. Each section incorporates specific questions, with three predefined answers apiece. Answers are weighted and produce an overall POPIA-readiness score per area.
Finberg explained that “These sets of results are then combined to produce an overall ‘Organisational Readiness’ score. Based on the answers provided, the tool proposes a series of corrective actions for each area and an overall recommendation for the steps and remediations required for the company to achieve compliance. This guide is also available in report format at any point during the assessment.”
According to Finberg, one of the greatest advantages of POPICheck is that, while it is fully aligned to POPIA compliance protocols, it is extremely easy to use with little training required. “As a Software-as-a-Service (SaaS) tool, POPICheck also does not require upfront infrastructure investments; customers only need bandwidth and a browser. The tool retains an audit trail of individual and team assessments. It also allows them to download a custom POPI Compliance Manual based on the policies they have completed at any given point,” he said.