A risk assessment is an opportunity to identify your security forces and weaknesses and ensure that you can deal with threats to your business. Condition 8 also consists of several parts. Part B concerns the prohibition of the processing of specific personal data (including religious beliefs, health information, biometric information, etc.) or criminal behaviour. The only exceptions that apply are: POPI attaches great importance to these specific categories of information, and each type of data contains a list of exceptions. If you need to process a protected type of data, contact the law directly and seek legal advice. First, the RGPD refers to the personal data of individuals. It doesn`t protect businesses. Popi, however, extends its protection to corporations, which means it protects information about companies and businesses, as well as the data of individuals. This means that you must provide the same protection to the data of your suppliers or partners in addition to your customers. Conditions 2 and 3 are not the only treatment restrictions.
Condition 4 – Additional Processing Limitation – continues to work on how you can and can process data. It specifies that the responsible party is responsible for complying with other conditions before the data is processed. The responsible party must also ensure that data processing and data processing are respected. Officials have the option to refuse if it is within their rights under Chapter 4 of the Act. Compliance is not a one and done event. It is an ongoing and active process that requires management. The second condition – treatment limitation – defines strict controls, which means the lawful processing of data. To meet this requirement, the data processor must: Penalties for any person convicted of violating the conditions of POPI (an offence) include a fine or a prison sentence (or both).
The period of detention can be up to 10 years for offences in Denser10, 103 (1), (104 (2), 105 (1), 106 (1) (3) (4). Convictions related to paragraphs 59, 101, 102, 103 (2) and 104 (1) are punishable by less than 12 months. Finally, the regulator may require the responsible party to make the infringement public if the regulator deems it appropriate. When condition 2 limits the data you can collect, condition 3 – Destination specifications indicates your reasons for collecting data. Non-compliance with POPI is a misdemeanor. However, non-compliance is not the only way to break the law.