Associations
• External Communication : Communication shared with clients may require authorisation from the company ’ s target markets .
• Incident Management : Organisations will need to set up an incident management process to handle any data breaches in the sharing of personal information .
• Contract amendments : Existing contracts and obligations of service providers will need to be amended in accordance with the Act .
Businesses within the construction sector can ensure that they are POPIA compliant by :
• Appointing an information officer – this is mandatory for all companies in South Africa .
• Maintaining a catalogue of data protection threats .
• Regularly monitoring privacy business practices .
• Performing regular data protection threat assessments .
• Having an open-book policy with clients and advising them about the information the organisation is storing .
• Conducting awareness sessions with employees , clients , stakeholders and other third parties .
• Ensuring that personal data is always up to date .
Hattingh mentions that , although the Act might seem onerous , it comes with benefits as well , particularly for the construction sector . “ Private employee records will now be stored more effectively and can be discarded once contracts come to an end . Clients will feel more comfortable knowing that their personal information is kept secure and not shared or sold to third parties . Another benefit of the Act is that it empowers companies by requiring that their internal processes and policies be reviewed often in order to comply ,” says Hattingh .
Prior to the POPI Act coming into effect on 1st July 2021 , Information Regulator Chair - Pansy Tlakula reported that technical glitches with the registration system were being experienced due to the increased volume of traffic on the site . However , the regulator assured that , as a result , no penalties would be applied for late registration . MBAWC encourages members to monitor the situation and to register when these issues have been rectified .
The MBAWC values and supports the POPI Act , and members can be assured that their information is securely stored . “ We have appointed an information officer to oversee the implementation of POPIA in the organisation . When requested , we are also assisting our smaller member companies to reach POPIA compliance ,” Hattingh concludes . RACA
22
RACA Journal I September 2021 www . hvacronline . co . za