The Information Regulator is embarking on a “target-based compliance monitoring exercise” which appears to be targeting randomly selected organizations across the country. This inspection comes almost two years post POPI coming into full force and effect and is a mandated legislative function to be performed by the Information Regulator under section 40 (1)(b)(i) of POPIA.
Letters of inspection have already been issued to several organizations, of whom LabourNet is one. LabourNet Group has submitted all the necessary documentation within the instructed 5-day period as requested by the Information Regulator and await feedback on the outcome of our investigation.
The Information Regulator requested the following information from LabourNet, which we believe will form the core basis of the Information Regulator’s first rounds of investigations:
- Proof of registration of any Deputy Information Officer(s)
- Evidence of Staff Training
- Privacy policy demonstrating compliance to the 8 conditions of lawful processing
- Effective security safeguards in place to prevent the unlawful and unnecessary destruction of personal information
- A comprehensive and sufficient Data Retention Policy
It is imperative that you are prepared and informed about what is expected from your Organisation, in order to prepare for the inevitability of investigations.
Should you receive such notice, we advise you contact your information Compliance Consultant immediately for assistance in guiding you through this process and if you are not already an Information Compliance client, contact your nearest branch for a quotation of our services.