1
The impact of Protection of Personal Information (POPI) Act on the Role of Internal Auditors @ Audit and Risk Indaba 2017
By: Ms Peterlia Ramutsheli
2
Who is Bono Skills Development?
Formal Classroom Training
PSETA and LGSETA Accredited Training Provider
On-the-job Training
3
Table of Contents
What is POPI Act?
POPI Act Background
What is personal information?
Why is POPI Act important?
Areas affected by POPI Act
Risks facing organisations if there is non-compliance with POPI Act
How are Internal Auditors impacted?
A road to becoming POPI Compliant
4
What is POPI Act?
The POPI Act is South Africa’s primary legislation dealing with the processing of personal information.
The POPI Act was signed into law by the President of South Africa on 19 November 2013.
5
POPI Act Background
The right to privacy, as enshrined in Section 14 of the Constitution of the Republic of South Africa, must be respected or adhered to at all times.
The right to privacy is a fundamental human right in the Constitution.
Therefore, personal information must be used lawfully and in a way that does not infringe the individual’s right to privacy.
6
POPI Act Background
The President has appointed Adv Ntlakula to be the Information Regulator and she commenced duty on 01 December 2016.
Her mandate will be to monitor compliance with the requirements of the POPI Act.
7
POPI Act Background
Organisations will have only 1 year to get their processes and systems aligned with the conditions of the POPI Act.
Therefore, organisations need to start converting their processes and systems NOW in preparation for compliance with the requirements of the POPI Act.
8
What is Personal Information?
Personal information means information relating to an identifiable, living natural person and, where applicable, an existing juristic person, including, but not limited to:
Trade union
Disability
Physical Address
Race
Criminal
Gender
Name
Religion
Marital Status
Contact Details
Financial
Political Persuasion
Age
Personal Opinions
Biometric information
Employment History
Medical
Education
9
Why is POPI Act important?
(1) Economic Benefit
South Africa has many bilateral and multi-lateral agreements with various countries, which are good for growing our economy.
However, some countries do not want to associate themselves with countries which do not have adequate data protection laws in place. Hence South Africa had to align itself, through the POPI Act, with international data protection best practices such as the European Union (EU) Data Protection Directive.
10
Why is POPI Act important?
(2) Protect People’s Constitutional Right to Privacy
South Africans are going through excessive abuse and harassment in the form of SMSes, emails and calls selling various goods and services without their consent.
Fraudsters steal/fake people’s documents and execute financial transactions. The sad part is that employers become part of this crime by confirming employment without the relevant employees’ knowledge/consent.
11
Why was POPI Act introduced?
The POPI Act seeks to balance the legitimate needs of organisations with the constitutional right to privacy of the individuals whose personal information is being used by those organisations.
The POPI Act says that, as organisations use the personal information of their data subjects to do their normal business, they should not abuse such information or use it unlawfully to infringe the data subjects’ privacy.
12
Areas affected by POPI Act
13
Risks facing organisations if there is non-compliance with POPI Act
If organisations fail to comply with the POPI requirements, this may give rise to serious risks such as:
Administrative fines such as those prescribed by the POPI Act, i.e. fines of up to R10 million and/or up to 10 years’ imprisonment for responsible officials
14
Risks facing organisations if there is non-compliance with POPI Act
Failure to attract new donors or withdrawals by the current ones
Retaliation by affected Data Subjects using available internet consumer sites and social media
Reputational harm to the organisation
15
How are Internal Auditors impacted?
POPI conditions introduce new ways in which organisations should collect, share, store, archive, retain and destroy the personal information of their Data Subjects, and this poses a new category of risks called personal information protection risks.
Therefore, Internal Auditors, as the Business Advisors, should advise organisations to amend their processes and systems to align with the conditions of the POPI Act so that the above risks are mitigated.
16
How are Internal Auditors impacted?
But how should Internal Auditors provide this advice to the organisation’s Management???
17
How are Internal Auditors impacted?
Internal Auditors should advise Management through:
Identifying the personal information protection risks during the planning of their audits
Incorporating the audit procedures which will test POPI compliance conditions
Making relevant recommendations which will enable organisations to move towards being POPI Compliant
18
How are Internal Auditors impacted?
To advise Management adequately and effectively, Internal Auditors will need to have a detailed knowledge of:
The conditions of the POPI Act and what they mean to the organisation’s operations
What approaches from start to end should be applied by the organisation to convert its processes and systems to align fully with the conditions of the Act
19
How are Internal Auditors impacted?
This knowledge will enable YOU to make informed and correct recommendations in your audit reports and, above all, it will help you to remain RELEVANT within the organisation.
20
A road to becoming POPI Compliant?
To be POPI Compliant, an organisation would need to:
Make all employees aware of the conditions and requirements of the POPI Act through Awareness and Training, as this will enhance compliance
Have the Internal Audit Department conduct a POPI Readiness Review to identify the organisation’s current state of compliance with the Act and which areas require attention
21
A road to becoming POPI Compliant?
Develop a POPI Implementation Plan based on the action plans highlighted in the POPI Readiness Review Report
Implement the action plans outlined in the POPI Implementation Plan to move the organisation into being fully POPI Compliant, i.e. convert processes and systems to comply with the POPI Act
22
A road to becoming POPI Compliant?
Bono Skills Development specializes in rendering all the services described under paragraphs 1-4 above.
We provide customized training which would assist your organisations to have a detailed knowledge of:
The conditions and requirements of the POPI Act and how they affect the organisations’ operations
What process should be followed by the organisations from start to end to implement the conditions of the POPI Act
23
Our customised training is delivered through 3 PHASES
Conduct Needs Analysis
Develop and Deliver Suitable Training Course
Conduct Training Impact Assessment
24
In Conclusion…
Protection of personal information isn’t a choice… It is the law and… we are all affected
25
Appreciation
For Listening
For Your Time
Thank You