POPI proof your payroll

The Protection of Personal Information Act (POPIA) is based on eight principles, each requiring measures to control the information an organisation gathers on customers and employees.

These are:

  • Accountability
  • Processing limitation
  • Purpose specification
  • Further processing limitation
  • Information quality
  • Openness
  • Security safeguards
  • Data subject participation

When it comes to payroll, all of these principles are important, but in this industry there are several areas that are critical.

Firstly, the information a company collects on its employees must be used strictly for its original purpose, unless another legal requirement necessitates further processing, or the company obtains permission from the employee.

Secondly, and very important for the payroll department, is the safe storage of data. Payroll and HR need to ensure that all information is accessible only to those with a legitimate need for it, and that it is not lost, accidentally deleted, or exposed in a data breach or other security incident.

How do you ‘POPI proof’ your payroll?

It is important to realise that there is a lot to do when it comes to the POPIA –

  • Make sure you understand the POPI regulations, as this is key to moving forward successfully. Without understanding how the Act could potentially impact your organisation, you are effectively back to square one.
  • Review and update customer and supplier agreements, as well as any third party partner agreements. Put measures in place to protect and prevent unauthorised access to all employee information, and make sure that only the right people can access that information, by enforcing principles of least privilege.
  • Develop a culture of privacy within the company. If you take a top down approach and get management to enforce data privacy, it will filter down through the rest of the company, and it’s important for staff to know their information is treated with integrity. Implement awareness campaigns, and put policies and procedures in place to ensure privacy is maintained – after all, privacy is just as important as data security.
  • Develop a comprehensive incident response plan. Understanding exactly what needs to be done to prevent any further damage is critical to business continuity. Too often, people think of an incident only in terms of loss of data, but reputational damage and loss of customer confidence, which are infinitely harder to quantify, are important too. If the organisation has a solid plan in place to deal with breaches quickly and effectively, it will bounce back far more rapidly.
  • Implement a data access management procedure to ensure that only the right people can access the right information. This policy will guard against any unauthorised access and must be in line with the POPIA and all other associated regulations, such as the Promotion of Access to Information Act (PAIA).

These guidelines will put your payroll in a good place by 1 July 2021.

But, be mindful of the pain points –

  • Don’t wait till the last minute to implement the changes. We have had since 1 July 2020, but it is human nature to wait until the last minute. There is more to do than most organisations realise, so the more time you give yourself, the more time you have to fix any issues that might arise.
  • Avoid doing everything yourself. We like to be masters of everything, but remember that we have specialists in the industry for a reason. Engage with trusted service providers to help ease the pressure. These can range from legal experts and cyber security experts to payroll specialists. If there are any areas you don’t fully understand, or can’t deal with internally, utilise those experts.
  • Make use of the regulation and this grace period we have been given as an opportunity to invest in your organisation. While POPIA may be seen as legal red tape and a bit of a pain, it is actually a real opportunity to improve your company. It could improve processes or operations, which in turn will improve your customer experience, and result in cost savings.

A lot has been said in terms of the POPI Act, and there is a lot of information out there. Make sure you are getting the right advice and resist the urge to look at POPIA as a tick-box exercise and merely something you have to do. View it as an opportunity to take your business to the next level.
