POPIA, the Protection of Personal Information Act, published on the 26th of November 2013, is South African legislation whose objectives are to regulate the processing of personal information and data protection, in an effort to align South African data protection laws with international standards.
EU GDPR is a new privacy and data protection regulation, which became effective on the 25th of May 2017 and enforceable as of the 25th of May 2018. The new GDPR, General Data Protection Regulation, is a legal framework that sets the rules that define the guidelines for the processing of personal data of EU citizens. These could be customers, employees or the employees of suppliers to your company. These individuals are consistently referred to as “Data Subjects”.
The objectives of the GDPR are to protect the freedom and rights of EU citizens, and to enable free movement of personal data across EU states while, at the same time, stipulating guidance for movement of personal data outside of the EU.
RUBiQ is a unique platform that helps companies gain insight into the exact governance structures, processes and policies needed to enforce compliance with legislation and regulations such as POPIA and GDPR. By starting with the proprietary RUBIQ IT Governance Maturity Assessment you will be able to sequentially and systematically plan your route to successful POPIA and/or GDPR compliance and gain clear and concise transparency and control over all of your information privacy requirements.
Start by downloading the “Our Approach” brochure or contact us to sign up to Step 1 of the Maturity Assessment.
Transparent and fair – You must process all user data for a specific purpose, clearly and truthfully stated by the user.
Collect data for specific, legitimate purpose – Process all user data for a specific purpose. You must gain explicit consent from users for this.
Limit the amount of data – Review all data you hold: What is it and why do you have it? Only collect and retain data you'll need in the future.
Keep up to date – Ensure all data you store is accurate, up to date and accessible; ideally, users can securely update or delete their data themselves.
Only keep data you need – If you no longer need a user's data, delete it.
Data safeguarding – Processors must protect user data against unlawful processing or loss: Encryption and privacy by design are required.
Up to 4% of worldwide turnover or €20M (whichever is the highest).
That a physical person can access, modify, restore and erase their data. 3 to 11 human rights laws to be passed with a view to compliance.
Against risk of loss, theft or disclosure.
Document the measures taken and the protection procedures.
Inform the National Commission of Information Technology and Civil Liberties within 72 hours of a personal data breach.
All companies that collect, process and store personal data.