How to use documents explanation
A document that helps you understand what you have purchased and how to apply it to your firm.
This guide tells you what you need to know about POPIA, what the law entails, how it should be applied, what may happen if you do not comply, who the role players are and other interesting details.
Letter of Engagement
Your Firm may already have a standard Letter of Engagement / General Ts&Cs of Service, which you provide to each and every new client who engages the Firm for the rendering of legal services. If you do not have such a document, this Letter of Engagement sets out General Ts&Cs of Service which relate to the rendering of legal services by a law firm to its clients.
Website User Agreement
This generic operator agreement regulates the Ts&Cs of how the operator shall process personal information about data subjects on behalf of the responsible party. If your Firm uses any third-party service providers, vendors or suppliers to assist in the processing of personal information on your behalf, it is recommended that an operator agreement be put in place to ensure both parties know the scope and purpose of personal data processing; what data is processed and how it should be protected; the relationship between the operator and the responsible party; and the necessary indemnities, security and protections. Simply download the document and apply it to your business. If you require our help to customise the generic document, get in touch.
Introduction to POPIA Knowledge Session Video
This recorded introduction to POPIA video is based on our awareness training session – Sowing the Seeds of Compliance and provides a high-level overview of the basics of POPIA:
- What is POPIA?
- What does POPIA aim to do?
- Why do I need to protect personal information?
- Why do I need to comply with POPIA? Penalties for non-compliance
- Who is who in respect of POPIA? Important terms and key role players
- Who is the Information Regulator & the Information Officer?
- Does POPIA apply to my business?
- Conditions for lawful processing of personal information.
- Guidance steps on a POPIA compliance journey & Where to start
Employee Privacy Notice
This generic employee privacy notice sets out the basis upon which you process personal information of the staff or employees of your firm, if any. It has been drafted to align with POPIA’s eight conditions for the lawful processing of personal information. This generic Employee Privacy Notice can be incorporated by reference into any employment contracts, recruitment documents, internal employment procedures & guidelines or protocols. Simply download the document and apply it to your firm. If you require our help to customise the generic document, get in touch.
Information Officer Appointment Letter
Every responsible party has an information officer. The default position is that the Information Officer is the head of the body (CEO / managing director). The CEO or managing director may, in writing, designate and authorise any natural person within the body to act as the Information Officer.
What does the appointment letter cover?
- enables the head of the body to change the default position and appoint and authorise a person within the organisation to fulfil the role of the Information Officer.
- sets out the Information Officer’s duties and responsibilities
- makes provision for recommended indemnities for the role
- makes provision for recommended duties of the responsible party to support the Information Officer in performance of their role
- incorporates the registration requirements for Information Officers to be registered with the Information Regulator
- can be customised for your organisation’s requirements
This generic board resolution aims to enable a private or public body (e.g. company, close corporation, partnership), as a responsible party under POPIA, to adopt implementation measures to comply with POPIA and PAIA. It covers:
- Resolve to compliance measures commencing (gap analysis or audit report and high impact assessments being conducted)
- Resolve to recognised head of the body as the automatically appointed information officer
- Resolve to designation and authorisation of information officer (IO) from the head of the body to another person within the body
- Resolve to authorisation of deputy information officer(s) (DIO)
- Resolve to IO’s and DIO’s registration with the Information Regulator
- Resolve to general duties and responsibilities of the information officer
- Signed by acting chairperson of the board of the body
Data Breach Management Policy
This data breach management policy provides a generic policy guideline for a firm to deal with a data security breach or incident, so that such an event is dealt with in a lawful and timely way. It gives the board and/or personnel guidance on what to do in the event of a breach, ensuring that an incident is appropriately recorded and properly investigated, the impacts are understood, risks are identified and action is taken to prevent further damage. The generic policy can be customised according to your specific firm needs, so simply download the document, customise it or ask us to do it for you, and apply it to your firm.