1. What is POPI Act?-POPI Act, also referred to as POPIA and PoPI, stands for Protection of Personal Information Act. It lays down standards to secure and bring in accountability for collecting, storing, and processing of personal data.
2. When is the POPI Act coming into effect? +Though the official commencement date is yet to be announced, it would certainly be in 2018. There's a grace period of one year from the official date of commencement for you to comply with this act. Non-compliance after the grace period will attract the violation penalty. If you work with any organization from Europe, you will now have to comply with the GDPR too.
3. Who should comply with the POPI Act?+Any organization that deals with the personal data of South African citizens must comply with the POPI Act.
4. What would the non-compliance penalties be? +
- Up to 10 years of imprisonment and/or a fine of up to R10 million.
- An “enforcement notice” requiring the organization to stop processing personal information. The scope of the order can vary and even include business closure.
- Civil action for financial and non-financial harm such as emotional distress or lost time while changing personal information due to identity theft.
5. What should you do to comply with the POPI Act? +
- Prepare: Start by raising awareness about the POPI Act in your organization and study how the process of collecting, storing, and processing personal information can be made secure, to be in tune with the POPI Act standards. The POPI Act's official commencement date may not be announced yet, but you need to start the process of complying with it. The regulations will mostly remain the same, saving maybe a few amendments. Implement the required organizational changes soon so that you're not left scrambling for time once the commencement date is announced.
- Assess: Run an extensive organizational program to check existing processes and identify any gaps or leaks which might prevent you from becoming compliant.
- Plan: Once you assess your existing processes, look for ways to modify them or bring in new ones to plug the gaps.
- Act: Start implementing new processes or make changes to the existing processes so that you can be complaint sufficiently ahead of the end of the grace period.
- Review: Set up a continuous review system to ensure that you not just become compliant but also stay compliant.
6. How will ManageEngine help you comply with the POPIA? +
Simplify POPIA compliance with ManageEngine's Log360, a comprehensive SIEM solution. Log360:
- Ensures accountability in data and incident handling with its exhaustive reports and dashboards on user activities and security incident alerts.
- Manages log data from sources across the network to quickly detect or pre-empt data breach attempts.
- Audits Active Directory changes in real-time to identify critical changes to AD components (security principals, GPOs, OUs, users) to prevent internal security attacks.
- Monitors personal data continuously to ensure its integrity and confidentiality.