The organisation's governing body cannot delegate its accountability and is ultimately answerable for ensuring that the organisation meets its legal obligations in terms of POPIA.
The governing body may however delegate some of its responsibilities in terms of POPIA to management or other capable individuals.
The governing body is responsible for ensuring that:
The organisation appoints an Information Officer, and where necessary, a Deputy Information Officer.
All persons responsible for the processing of personal information on behalf of the organisation:
are appropriately trained and supervised to do so
understand that they are contractually obligated to protect the personal information they come into contact with
are aware that a willful or negligent breach of this policy’s processes and procedures may lead to disciplinary action being taken against them
3rd Parties who want to make enquiries about their personal information are made aware of the procedure that needs to be followed should they wish to do so
The scheduling of a periodic POPI Audit in order to accurately assess and review the ways in which the organisation collects, holds, uses, shares, discloses, destroys and processes personal information.
The organisation's governing body cannot delegate its accountability and is ultimately answerable for ensuring that the organisation meets its legal obligations in terms of POPIA.
The governing body may however delegate some of its responsibilities in terms of POPIA to management or other capable individuals.
The scheduling of a periodic POPI Audit in order to accurately assess and review the ways in which the organisation collects, holds, uses, shares, discloses, destroys and processes personal information.