The POPI Compliance Manual

29 April 2021 00:00

Deon Welz discusses the most onerous requirement of POPI, which is the creation of a POPI “Compliance Manual” in which the rules and procedures relating to the processing of personal information in businesses are set out.

The deadline for the implementation of POPI into all our businesses is 1 July 2021. This is just around the corner. For those of you who have looked into what needs to be done the prospects are daunting.

We hope that you have read our two previous publications relating to [1] obtaining consent from our clients to work with their personal information, and [2] the rules relating to direct marketing. These are two critically important aspects of the new law that need to be understood and implemented.

The third and most onerous requirement of this new law is however the creation of a POPI “Compliance Manual” in which the rules and procedures relating to the processing of personal information in your business are set out. This document is similar to the Risk Management and Compliance Programme that was required by all estate agencies in terms of FICA. To save you the time and trouble of preparing your own such POPI Compliance Manual, we have prepared a “standard’ version of a Compliance Manual that, with minor amendments, should work for most estate agencies. This document is available in Word format here. Feel free to download the document and to make it your own. We would however appreciate it if you would acknowledge ourselves on the document in recognition of the assistance that we have given with the implementation of POPI into your business. We don’t want our work to be stolen by others who might pass it off as their own.

POPI compliance is still in its infancy, and we do not yet know how it will be eventually look. There was accordingly very little guidance available for us. While we can’t assure you that the Compliance Manual is perfect in every respect, we have spent a lot of time and trouble in preparing the document and it is almost identical to the one that we have adopted in our own business. We are therefore confident that it will pass muster, and that if you implement the procedures and follow the guidelines, you will have nothing more to worry about.

The problem with a generic document like this is that it cannot take into account the unique characteristics of each business, and you must therefore read the document carefully and understand it to ensure that all parts are applicable to you. The parts of the document that will certainly need to be customised for your business would be Section D, which deals with Security Safeguards; clause F 2, where you need to insert the amount you will charge to respond to a request to provide copies of personal information; and Section J, where you will have to insert name of your Information Officer. Please be careful if you delete any parts. The document has been designed to tick all the boxes as required by the Act, and a deletion might result in non-compliance.

In the Compliance Manual you will also see references to annexures and forms. These annexures and forms are also listed in Section O. To assist further we have created these annexures and forms for you, and they can be found here. Once again, feel free to download the documents and to make them your own. Some of the documents has been created by us or customised for use by an estate agency. Others have merely been converted from the .pdf documents that were published as part of the Regulations or Guidance Notes.

I know that this last step in compliance is going to be a difficult one. We are however all in the same boat. I do hope that what we have provided for you will simplify the implementation of POPI into your business, so that you can spend more of your time on the real work of meeting the property needs of all your clients.

Deon Welz
Miltons Matsemela Inc