POPI and your Human Resource department

Anyone who still thinks that POPI or POPIA as named by the Information Regulator (IR) is not a reality, is opening themselves up for a huge surprise.

This surprise will be one of the biggest strategic and operational risks on the Risk Register of any company within the next twelve (12) months.

An, the department who will be affected the most will be Human Resource (HR). HR is the custodian of most of the Personal Information (PI) as defined in POPIA.

The question is:

  • What are HR doing with this information (Age, sex, date of birth, Union affiliation, medical history, blood type, biometric fingerprints, etc),
  • What is the POPIA Risk Universe looking like for HR, and
  • What is the internal control sets designed by HR to operationally manage these risks
  • What is the combined assurance created and documented to ensure that POPIA is managed as indicated as per the Act.

CAA is not a legal compliance firm guiding you through the legal compliance process of POPIA, but instead, we are:

  • the Risk Strategists (liked to strategic objectives),
  • the People-based implementers (huge change management is expected),
  • the Architects of the processes needed from where the PI is collected, for which purpose, how was it used, stored and destroyed
  • and finally, we are renown Internal Auditors, setting the standard for POPIA Auditing, whether Internal or External.

For any further information in this regard, please contact us on popi@crestadvisoryafrica.com for a consult in this regard. You can also call Nico Snyman at 076-403-4307.