The Protection of Personal Information Act (POPI) regulates how personal information can be processed and establishes conditions for lawful processing. It aims to protect personal information and balance privacy rights with other rights like access to information. The POPI Act applies broadly to any party that collects, holds, or uses a person's information. It impacts procurement processes by requiring consent for personal information use, only collecting relevant data, and maintaining security. Non-compliance can result in fines, damages lawsuits, and reputational harm.
The Protection of Personal Information Act: A PresentationEndcode_org
What does the Protection of Personal information Act mean for business and for cybersecurity? Find out the implications of South Africa's new technology law Act.
Dovetail Software (hr.dovetailsoftware.com) sponsors this informative and important webinar hosting experts Grant D. Petersen (ogletree.com/) and Estella Cohen (trustarc.com/) who shared information with HR practitioners and Organizations that need to be GDPR compliant by May 25, 2018.
Here's the link to view the recording: http://hr.dovetailsoftware.com/dsadmin/2018/01/31/hr-gdpr-preparing-2018-compliance/
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]TrustArc
Watch the webinar on-demand: https://info.trustarc.com/best-practices-for-managing-individual-rights-under-gdpr-webinar.html
Insights and best practices for managing individual rights under the GDPR.
The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability - and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 25th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements?
This on-demand webinar will provide insights and best practices for managing individual rights under the GDPR.
#trustarcGDPRevents
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
The Protection of Personal Information Act: A PresentationEndcode_org
What does the Protection of Personal information Act mean for business and for cybersecurity? Find out the implications of South Africa's new technology law Act.
Dovetail Software (hr.dovetailsoftware.com) sponsors this informative and important webinar hosting experts Grant D. Petersen (ogletree.com/) and Estella Cohen (trustarc.com/) who shared information with HR practitioners and Organizations that need to be GDPR compliant by May 25, 2018.
Here's the link to view the recording: http://hr.dovetailsoftware.com/dsadmin/2018/01/31/hr-gdpr-preparing-2018-compliance/
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]TrustArc
Watch the webinar on-demand: https://info.trustarc.com/best-practices-for-managing-individual-rights-under-gdpr-webinar.html
Insights and best practices for managing individual rights under the GDPR.
The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability - and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 25th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements?
This on-demand webinar will provide insights and best practices for managing individual rights under the GDPR.
#trustarcGDPRevents
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance of the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
ControlCase discusses the following: - What is GDPR? - How will it impact me? - How can I become compliant? - What is the timeline? - What are consequences if not met?
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
Data Privacy Protection Competrency Guide by a Data SubjectJohn Macasio
Data Privacy Protection Competency Guide shares the belief that the valid, verifiable, and actionable demonstration of respect on the data privacy rights of a data subject, and that the privacy and security of personal information are protected, comes from open guidance that presents the share-able practice standards that guide the right content of understanding, decision, and work of data privacy law compliance.
The workplace view of data privacy risks, policy, organization, process, and documentation have to be easily and consistently created and improved with freely available knowledge on the rules and standards of practice.
The directly accountable and responsible in the personal data collection, retention, use, sharing, and disposal have to be engaged to experience the applicability of data privacy rules and standards in their filing system, automation program, and technology services.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance of the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
ControlCase discusses the following: - What is GDPR? - How will it impact me? - How can I become compliant? - What is the timeline? - What are consequences if not met?
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
Data Privacy Protection Competrency Guide by a Data SubjectJohn Macasio
Data Privacy Protection Competency Guide shares the belief that the valid, verifiable, and actionable demonstration of respect on the data privacy rights of a data subject, and that the privacy and security of personal information are protected, comes from open guidance that presents the share-able practice standards that guide the right content of understanding, decision, and work of data privacy law compliance.
The workplace view of data privacy risks, policy, organization, process, and documentation have to be easily and consistently created and improved with freely available knowledge on the rules and standards of practice.
The directly accountable and responsible in the personal data collection, retention, use, sharing, and disposal have to be engaged to experience the applicability of data privacy rules and standards in their filing system, automation program, and technology services.
Corporate Presentation- Gateway Technolabs Pvt. Ltd.
Gateway Group is an Technology Consulting and IT Services Company, One of the top 50 Microsoft Gold Partner companies, ISO 9001:2008 & 27001:2005, one of the largest private limited companies with a strong team of 1400+ Technology Consultants and Software Engineers, Global Offices in 14 countries, and Customers across 30+ countries. Gateway has primarily 5 service categories, Technology Consulting, Software Consulting, Software and Application Development, Software Testing, Cloud Computing, Managed Services and Remote Infrastructure Management services (RIM).
UI Design for Sterling Commerce Multi Channel Selling and Fulfillment SuiteGreg Laugero
This is Greg Laugero's presentation given at Sterling Commerce's Customer Connection 2010 conference in Dallas, April 12-14, 2010. http://webapps.sterlingcommerce.com/connection10/index.php
26 Is Not Enough: Obama's SupplierPay & Why It's Just the Beginning Tradeshift
As encouraging and impressive as QuickPay and SupplierPay are, we think even more can be done. We challenge the rest of the Fortune 1000 to follow suit. There’s too much at stake not to have every leading enterprise aboard this mission. Today, companies can take it upon themselves to deliver the same value to suppliers and small businesses, with or without a government initiative.
Learn three steps can you take to relieve your suppliers of the constraints of long payment terms: http://bit.ly/1vbeK0U
Nuevas opciones de financiación de la I+D, la innovación y la internacionaliz...CTAEX
Nuevas opciones de financiación de la I+D, la innovación y la internacionalización para las empresas agrícolas y alimentarias.
Eduardo Cotillas Provencio. Departamento de Salud, Bioeconomía, Clima y Recursos Naturales, Dirección de Promoción y Cooperación. CDTI
Carlos Franco Alonso. Departamento de Salud, Bioeconomía, Clima y Recursos Naturales, Dirección de Promoción y Cooperación. CDTI
Overview of the Egyptian Personal Data Protection LawFatmaAkram2
Egypt has recently enacted the first Personal Data Protection Law (PDPL), which has been published in the Official Gazette on 15 July 2020 and has entered into force on 16 October 2020. The PDPL reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR). The Executive Regulations of the PDPL shall be issued within six (6) months from the entry into force of the PDPL. Organizations shall comply with the provisions of the PDPL and its Executive Regulations within a grace period of one (1) year from the issuance of the Executive Regulations.
The PDPL covers almost all aspects of personal data protection stated under the GDPR. In this presentation, you will find a summary of the important data protection provisions stipulated under the PDPL, and the similarities and differences between the GDPR and the PDPL.
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTEC...Dr. Oliver Massmann
LAWYER IN VIETNAM DR OLIVER MASSMANN NEW DRAFT DECREE ON PERSONAL DATA PROTECTION AND CROSS-BORDER PROVISION OF DATA THE BASIC AND GUIDANCE ON PRACTICAL HANDLING
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
Republic Act 10173 Data Privacy Act of 2012 (DPA)
“An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes”
Data Privacy Act of 2012 implication to cooperativesjo bitonio
Whether the cooperatives registered under the Cooperative Development Authority (CDA) are covered by the DPA;
If indeed the cooperatives are covered by the law, determine the following:
Obligations of cooperatives
Reportorial requirements to be submitted to the NPC
Compliance period for such requirements
Penalties for non-compliance; and
Where cooperatives may course through or communicate other concerns regarding data privacy.
The KING IV CODE on Corporate Governance In South Africa Part I Introduction - Introductory Presentation on the draft KING IV Code deals with the Philosophy Underpinning the new KING IV CODE. Further presentations are to follow
Content Material of Anti-Bribery & Anti-Corruption Master Class Presented at 2nd African Mining Security Summit at The Sandton Hilton Hotel, Johannesburg on 17 April 2015.
"𝑩𝑬𝑮𝑼𝑵 𝑾𝑰𝑻𝑯 𝑻𝑱 𝑰𝑺 𝑯𝑨𝑳𝑭 𝑫𝑶𝑵𝑬"
𝐓𝐉 𝐂𝐨𝐦𝐬 (𝐓𝐉 𝐂𝐨𝐦𝐦𝐮𝐧𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬) is a professional event agency that includes experts in the event-organizing market in Vietnam, Korea, and ASEAN countries. We provide unlimited types of events from Music concerts, Fan meetings, and Culture festivals to Corporate events, Internal company events, Golf tournaments, MICE events, and Exhibitions.
𝐓𝐉 𝐂𝐨𝐦𝐬 provides unlimited package services including such as Event organizing, Event planning, Event production, Manpower, PR marketing, Design 2D/3D, VIP protocols, Interpreter agency, etc.
Sports events - Golf competitions/billiards competitions/company sports events: dynamic and challenging
⭐ 𝐅𝐞𝐚𝐭𝐮𝐫𝐞𝐝 𝐩𝐫𝐨𝐣𝐞𝐜𝐭𝐬:
➢ 2024 BAEKHYUN [Lonsdaleite] IN HO CHI MINH
➢ SUPER JUNIOR-L.S.S. THE SHOW : Th3ee Guys in HO CHI MINH
➢FreenBecky 1st Fan Meeting in Vietnam
➢CHILDREN ART EXHIBITION 2024: BEYOND BARRIERS
➢ WOW K-Music Festival 2023
➢ Winner [CROSS] Tour in HCM
➢ Super Show 9 in HCM with Super Junior
➢ HCMC - Gyeongsangbuk-do Culture and Tourism Festival
➢ Korean Vietnam Partnership - Fair with LG
➢ Korean President visits Samsung Electronics R&D Center
➢ Vietnam Food Expo with Lotte Wellfood
"𝐄𝐯𝐞𝐫𝐲 𝐞𝐯𝐞𝐧𝐭 𝐢𝐬 𝐚 𝐬𝐭𝐨𝐫𝐲, 𝐚 𝐬𝐩𝐞𝐜𝐢𝐚𝐥 𝐣𝐨𝐮𝐫𝐧𝐞𝐲. 𝐖𝐞 𝐚𝐥𝐰𝐚𝐲𝐬 𝐛𝐞𝐥𝐢𝐞𝐯𝐞 𝐭𝐡𝐚𝐭 𝐬𝐡𝐨𝐫𝐭𝐥𝐲 𝐲𝐨𝐮 𝐰𝐢𝐥𝐥 𝐛𝐞 𝐚 𝐩𝐚𝐫𝐭 𝐨𝐟 𝐨𝐮𝐫 𝐬𝐭𝐨𝐫𝐢𝐞𝐬."
What is the TDS Return Filing Due Date for FY 2024-25.pdfseoforlegalpillers
It is crucial for the taxpayers to understand about the TDS Return Filing Due Date, so that they can fulfill your TDS obligations efficiently. Taxpayers can avoid penalties by sticking to the deadlines and by accurate filing of TDS. Timely filing of TDS will make sure about the availability of tax credits. You can also seek the professional guidance of experts like Legal Pillers for timely filing of the TDS Return.
What are the main advantages of using HR recruiter services.pdfHumanResourceDimensi1
HR recruiter services offer top talents to companies according to their specific needs. They handle all recruitment tasks from job posting to onboarding and help companies concentrate on their business growth. With their expertise and years of experience, they streamline the hiring process and save time and resources for the company.
Unveiling the Secrets How Does Generative AI Work.pdfSam H
At its core, generative artificial intelligence relies on the concept of generative models, which serve as engines that churn out entirely new data resembling their training data. It is like a sculptor who has studied so many forms found in nature and then uses this knowledge to create sculptures from his imagination that have never been seen before anywhere else. If taken to cyberspace, gans work almost the same way.
Improving profitability for small businessBen Wann
In this comprehensive presentation, we will explore strategies and practical tips for enhancing profitability in small businesses. Tailored to meet the unique challenges faced by small enterprises, this session covers various aspects that directly impact the bottom line. Attendees will learn how to optimize operational efficiency, manage expenses, and increase revenue through innovative marketing and customer engagement techniques.
Cracking the Workplace Discipline Code Main.pptxWorkforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
As a business owner in Delaware, staying on top of your tax obligations is paramount, especially with the annual deadline for Delaware Franchise Tax looming on March 1. One such obligation is the annual Delaware Franchise Tax, which serves as a crucial requirement for maintaining your company’s legal standing within the state. While the prospect of handling tax matters may seem daunting, rest assured that the process can be straightforward with the right guidance. In this comprehensive guide, we’ll walk you through the steps of filing your Delaware Franchise Tax and provide insights to help you navigate the process effectively.
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
Affordable Stationery Printing Services in Jaipur | Navpack n PrintNavpack & Print
Looking for professional printing services in Jaipur? Navpack n Print offers high-quality and affordable stationery printing for all your business needs. Stand out with custom stationery designs and fast turnaround times. Contact us today for a quote!
Business Valuation Principles for EntrepreneursBen Wann
This insightful presentation is designed to equip entrepreneurs with the essential knowledge and tools needed to accurately value their businesses. Understanding business valuation is crucial for making informed decisions, whether you're seeking investment, planning to sell, or simply want to gauge your company's worth.
RMD24 | Debunking the non-endemic revenue myth Marvin Vacquier Droop | First ...BBPMedia1
Marvin neemt je in deze presentatie mee in de voordelen van non-endemic advertising op retail media netwerken. Hij brengt ook de uitdagingen in beeld die de markt op dit moment heeft op het gebied van retail media voor niet-leveranciers.
Retail media wordt gezien als het nieuwe advertising-medium en ook mediabureaus richten massaal retail media-afdelingen op. Merken die niet in de betreffende winkel liggen staan ook nog niet in de rij om op de retail media netwerken te adverteren. Marvin belicht de uitdagingen die er zijn om echt aansluiting te vinden op die markt van non-endemic advertising.
Personal Brand Statement:
As an Army veteran dedicated to lifelong learning, I bring a disciplined, strategic mindset to my pursuits. I am constantly expanding my knowledge to innovate and lead effectively. My journey is driven by a commitment to excellence, and to make a meaningful impact in the world.
1. THE PROTECTION Of PERSONAL INFORMATION (POPI) Act 4 of 2013
The Implications of
The Protection of Personal Information Act (POPI)
for
Integrated Supply Chain Management (iSCM)
Presented by: Myron D. B. Betshanger
Corporate Governance, Legal & Regulatory Compliance Specialist
2. CONTENT
1.The purpose of the Protection of Personal Information
Act (POPI) Act
2.Application of The POPI Act
3. Definitions In The POPI Act
4.Condition For Legal Processing of Personal Information
5.Impact Of The POPI Act on Procurement Process
6.Consequences For Non-Compliance
3. The purpose of the Protection of Personal Information Act (POPI) is to:
give effect to the constitutional right to privacy, by safeguarding personal information
when processed by a responsible party, subject to justifiable limitations that are
aimed at:
balancing the right to privacy against other rights, particularly the right of access
to information; and
protecting important interests, including the free flow of information within the
Republic and across international borders.
regulate the manner in which personal information may be processed, by
establishing conditions, in harmony with international standards that prescribe the
minimum threshold requirements for the lawful processing of personal information;
provide persons with rights and remedies to protect their personal information from
processing that is not in accordance with this Act
PURPOSE of The POPI Act
4. APPLICATION of The POPI Act
As a result of the POPI Act, any party that collects, holds and uses a
person’s personal information will have to do so under certain
circumstances.
The requirements will apply to personal information that is held in
relation to employees, customers, suppliers as well as prospective
customers and prospective suppliers (i.e. bidders) for supply
contracts.
5. POPI Act DEFINITIONS
WHAT IS PERSONAL INFORMATION FOR PURPOSES OF POPI ?
“ Personal Information” is information relating to an identifiable, living natural person or juristic
person as far as applicable.
POPI defines “personal information” very broadly to include, but which is not limited to the
following –
i. Information relating to the race, gender, sex, pregnancy, marital status, national, ethic or social origin,
colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience,
belief, culture, language and birth of the person;
ii. Information relating to the education or the medical, financial, criminal or employment history of the
person;
iii. any identification number, symbol, e-mail address, physical address, telephone number, location
information, online identifier or other particular assignment to the person;
iv. the biometric information of the person;
v. the personal opinions, views or preferences of the person;
vi. correspondence send by that person that is implicitly or explicitly of a private or confidential nature or
further correspondence that would reveal the contents of the original correspondence;
vii. the views or opinions of another individual about the person; and
viii. the name of the person if it appears with other personal information relating to the person or if the
disclosure of the name itself would reveal information about the person.
6. “ Processing” means any operation or activity or any set of operations whether or not by automatic
means, connected to personal information including –
(a) the collection, receipt, recording, organization, collation, storage, updating or modification, retrievable,
alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c ) merging, linking, as well as restricting, degrading, erasure or deconstruction of information.
NOTE: POPI only covers the processing of personal information that is entered into a record by or on behalf of a
responsible party that is domiciled in South Africa, or, if not domiciled in South Africa, is using automated or non-
automated means that is situated in South Africa.
“ Record” means any recorded information –
a) Regardless of the form or medium, including any of the following:
i. Writing on any material;
ii. Information produced, recorded or stored by means of any tape-recorder, computer equipment,
whether hardware or software of both, or other device, and any material subsequently derived fom
information so produced, recorded or stored;
iii. Label, marking or other writing that identifies or describes anything of which it forms part, or to which
it is attached by any means
iv. Book, map, plan, graph or drawing;
v. Photograph, film, negative, tape or other device in which one or more visual images are embodied so
as to be capable, with or without the aid of some other equipment, of being reproduced.
7. b) whether or not it was created by a responsible party; and
c) regardless of when it came into existence ( NB The retrospective provision in POPI)
“ Electronic Communications” includes any text, voice, sound and imaged messages and includes the message
being stored prior to the recipient retrieving it. This would include social medium platforms such as Facebook, LinkedIn,
Twitter, etc in addition to e-mails, the Internet and the Intranet.
“ Consent” for purposes of POPI means any voluntary, specific and informed expression of will in terms of which
permission is given for the processing of personal information.
NB
It is important to note that “Consent” means specific consent . General consent will therefore not be sufficient and a
specific consent for each instance in which the personal information will be dealt with, must be obtained.
The consent must have provided for exactly what personal information is required, why it is required, how it will be
dealt with, and where it will be stored.
The consent must also provide for whether the personal information will be shared
8. “ Data Subject” means the owner of the personal information (natural persons and/or juristic persons). In the
procurement context this will mean the bidding or contracting company or services provider, its owners, managers,
directors and employees.
“ Information Officer” means the person appointed by the responsible party to manage the application of POPI.
“Operator” means any person acting under a mandate or under contract of a responsible party who has a duty not to
disclose personal information. In the context of procurement this means any third party to whom procurement services has
been outsourced either in whole or in part. The operator must maintain the integrity and confidentiality of personal
information collected.
“ Responsible Party” A private or public entity or any other person who determines the purpose of and the means for
processing personal information. In the procurement context, this would be the procuring entity often referred to as “The
Employer / The Purchaser” in procurement contracts.
“Regulator” means the person to be appointed to implement and enforce the provisions of the POPI Act.
9. Conditions For Legal Processing of Personal Information
POPI sets out EIGHT (8) Conditions that must be complied with, namely –
1. Accountability (Section 8 of POPI)
2. Processing Limitation (Sections 9 - 12 of POPI)
3. Purpose Specification (Sections 13 – 14 of POPI)
4. Further Processing Limitation (Section 15 of POPI)
5. Information Quality (Section 16 of POPI)
6. Openness (Sections 17 – 18 of POPI)
7. Security Safeguards (Sections 19 – 22 of POPI)
8. Data Subject Participation (Sections 23 – 25 of POPI)
10. Impact of The POPI Act on the Procurement Process
• Minimally: RFX /vendor registration form must only request relevant personal information from
bidder/supplier, Personal information which is not relevant for bid evaluation or conclusion of a
contract with a supplier must not be collected.
• Consent, justification and objection: Record of consent and objections from bidder/supplier to
processing of personal information throughout the tendering process.
• Sources other than the data subject: Personal information (e.g. reference letter verification) that
The Employer / The Purchaser needs to obtain from a third party must be collected with prior
consent from the bidder/supplier.
Bid preparation
• Notification to data subject: The Employer / The Purchase must ensure that a bidder/supplier is
aware of the purpose the information is collected, as well as the consequences of failing to provide
the information.
• Bid documents submitted late must not be retained longer than necessary for the purpose collected
for.
• Integrity and confidentiality of personal information of late submitted bids must be maintained.
• Notification of security compromise to the Regulator and bidders in writing.
Issue, receipt & opening of bids
11. • Consent, justification and objection: Record of consent and objections from
bidder/supplier to processing of personal information.
• Sources other than the data subject: Verification or receiving of personal
information of supplier/bidder from third party must be done with prior consent from
bidder/supplier.
• Bid documents of unsuccessful bidders must not be retained longer than necessary
for the purpose collected for.
• Integrity and confidentiality of personal information of unsuccessful bidders.
• Notification of security compromise to the Regulator and bidders in writing.
Bid evaluation, Shortlisting & Adjudication
12. • Minimally: Personal information which is not relevant for conclusion of a
contract with a supplier must not be collected.
• The Employer / The Purchaser must put measures in place to prevent loss,
damage, unauthorised destruction and unauthorised access to personal
information of supplier/contractor.
• The Employer / The Purchaser must notify the Regulator and
supplier/contractor of the security compromise in writing.
Contract award & management
(general obligations)
13. • Contract between The Employer / The Purchaser and the operator must ensure
that the operator establishes and maintains security measures to safeguard
personal information being processed on behalf of The Employer / The
Purchaser.
• The operator must notify The Employer / The Purchaser immediately in an event
where there are reasonable grounds to believe personal information has been
accessed by an unauthorised person.
• The contract with an operator must ensure confidentiality of personal
information processed on behalf of The Employer / The Purchaser.
• A supply contract with an operator must include standard clauses outlining joint
responsibility in terms of the protection of personal information.
• The Employer / The Purchaser must have audit rights to conduct regular audits
on the operator’s security and confidentiality measures.
Contract award & management
(Supply Contract with an Operator)
14. Consequences Of Non-Compliance With The POPI Act
FINE and/or IMPRISONMENT (not exceeding 10 Years)
Any person who hinders, obstructs, or unlawfully influences the Regulator or any person acting at the direction of the
regulator;
An employer who fails to comply with an enforcement notice;
An employer who violates any conditions of processing of an account number.
FINES
Administrative Fines :
o The Regulator may issue an infringement notice in the event of an alleged contravention of the provisions of
POPI.
o The Regulator must specify the amount of the administrative fine which may not exceed ZAR 10 million.
o The Transgressor may within 30 days of receipt of the infringement notices
a) elect to pay the fine so determined by the Regulator, or
b) make instalment arrangements with the regulator to pay such fine as imposed, or
c) take the Regulator’s determination on review to the High Court.
15. Consequences Of Non-Compliance With The POPI Act
Civil Damages
The Data Subject may sue the Transgressor for damages or may request the Regulator to sue for damages.
The principle of strict liability applies, meaning its not necessary for the Data Subject or the Regulator on behalf
of the Data Subject to prove intent or negligence.
The amount of damages that may be awarded is punitive and far in excess of what can presently be awarded
under South African law.
i. The damages could include monetary and non-monetary loss;
ii. Aggravated damages,
iii. Interest and costs
Fact that court order must be published in the Government Gazette and requirement that appropriate be
made can inflict great reputational damage on organizations.
16. THANK YOU
MYRON D. B. BETSHANGER
Corporate Governance, Legal & Regulatory Compliance Specialist
16 Verveen Street
Westenburg
Polokwane, South Africa
Mobile: +27 74 780 3862
e-mail: betshangermyron2@gmail.com
LinkedIn: https://za.linkedin.com/pub/myron-duncan-burton-betshanger/37/219/1b8
Twitter: @betshangermyron