POPI Act Compliance – Securing your IT systems for better compliance

Jun 30, 2021 | Best Practices

D-Day has arrived. Are you POPIA Compliant?

There has been a massive push to become POPI Act compliant by 1 July 2021.

CMS IT is no different: we have been working around the clock to make sure that we, as a company, are compliant with the new laws for the protection of personal information. We not only took our company through the appropriate channels to become compliant, we have also offered our clients advice on their IT systems.

We as CMS IT cannot certify you, but we can put you and your company on the right path towards becoming certified. So we wanted to share a few tips and helpful to-do’s to help you become compliant.

Tip 1: How do I become POPI compliant?

Each business will be different and have its own needs. We have subscribed to the service that TPN offers because, as far as we can see, they have made the certification process as easy as possible for business owners. Once signed up, you will be able to work through several checklists and download the required documentation. There is a fair bit of work to go through, so you may need to set some time aside to work through each stage.

Free POPI readiness review: https://popi.tpn.co.za/Readiness/

To purchase your TPN POPI-Portal: https://shop.tpn.co.za/Product/Detail/418f4d48-fb93-4be0-9d6b-ba5f87e973b8

Tip 2: Have you designated a POPI information officer within your company?

This will be the person who will drive the POPI Act in your business. They will also take on the duty of reporting any breaches of the Act. The basic ‘job description’ of an information officer is to make recommendations and raise concerns where appropriate with regard to PI, and to make sure that documented information processing procedures are in place.

To register your IO: https://www.justice.gov.za/inforeg/portal.html

POPIA in 5 minutes: https://www.mastershred.co.za/content/18-summary-of-the-protection-of-information-act-popi-act

To find out more about the role of an IO and who can and should be an IO: https://www.popi-compliance.co.za/the-role-of-the-information-officer/

Tip 3: IT Systems POPI compliance

Once you have been through the whole process, you will need to contact your IT specialist so that they can implement several upgrades to your IT systems.

Here is a quick list of upgrades you can make to ensure your company's IT systems are compliant.

  1. Two-Factor Authentication (2FA): This gives an extra wall of protection on the accounts and apps that you use day to day.
  2. Antivirus: Having the correct antivirus software on your machines will aid in your battle against a data attack.
  3. Drive Encryption: Use this to ensure that information stored on hard drives is secure. In the unlikely event that a device gets stolen, the data on it will be protected from information theft.
  4. Keep your staff aware of phishing attacks. Phishing emails are email messages sent with the intention of scamming people into giving out personal information such as passwords and credit card numbers. They are designed to appear genuine by copying the logo, branding and even the writing style and signature of an official employee of a company that you do business with. Head over to our blog on phishing to find out more: https://cmsit.co.za/phishing-rising-threat-business/

There are several other ways to make sure your business's IT systems are secure, and we would love to make this POPI Act compliance process as simple as possible for you.

Contact me for a free discussion on getting your IT systems set up for POPI compliance.

Regards

Callum Mc Leod

Business Development CMS IT

Callum@cmsit.co.za