POPIpack™ Global Enterprise GDPR Pack – Subscribe

R3,600.00

The subscriber Global Enterprise GDPR Pack includes a generic set of legal data protection documents which aim to deliver a POPIA compliance kick-start for a global group structure. As a subscriber you will have access to download the latest versions of the documents as and when we update them. The following documents are included:

  1. POPIA Guide
  2. Website User Agreement
  3. Privacy Policy
  4. Cookie Policy
  5. Data Breach Management Policy
  6. Employee Privacy Notice
  7. Data Processing Agreement (Global)
  8. Intra-Group Transfer Agreement (Global)
  9. OneTrust GDPR vs. POPIA Guide
  10. Information Officer Appointment Letter
  11. Board Resolution
  12. Introduction to POPIA Knowledge Session Video

POPIA Guide

This guide tells you what you need to know about POPIA, what the law entails, how it should be applied, what may happen if you do not comply, who the role players are and other interesting details.


Website User Agreement

This document sets out generic Ts&Cs for making use of your Global Group Enterprise’s / member companies’ websites and other social media sites your member companies may operate, and regulates the selling of your member companies’ products and services to customers. This agreement is linked to the Privacy Policy. Simply download the document and apply to your Global Group Enterprise. If you require our help to customise the generic document, get in touch.


Privacy Policy

This generic privacy policy sets out the reasons why, how and when a Global Group Enterprise processes personal information of anyone who deals with any member company in any way. It has been drafted to co-align with POPIA’s eight conditions for the lawful processing of personal information. The privacy policy is incorporated into the Website User Agreement when customers make use of any of the member companies’ websites & can be incorporated into the group’s / member companies’ standard service level agreement or product T&Cs. Simply download the document and apply to your Global Group Enterprise. If you require our help to customise the generic document, get in touch.

Cookie Policy

This generic cookie policy explains to the visitor or user of your website(s) what cookies are and their purpose, what cookies your website may use, how to delete cookies and also the consequences of deleting non-essential functioning cookies when making use of the website(s). The policy is usually connected to your privacy policy and any cookie tool regulating cookies on your website(s). This generic cookie policy can be customised according to your Global Group Enterprise’s / member companies’ specific needs, so simply download the document, customise it or ask us to do it for you, and apply to your business.

Data Breach Management Policy

This data breach management policy provides a generic policy guideline for staff to deal with a data security breach or incident within a company, to ensure such an event is dealt with in a lawful and timely way. It gives personnel guidance on what to do in the event of a breach, ensuring that an incident is appropriately recorded and properly investigated, the impacts are understood, risks are identified and action is taken to prevent further damage. The generic policy can be customised according to your specific Global Group Enterprise’s / member companies’ needs, so simply download the document, customise it or ask us to do it for you, and apply to your business.

Employee Privacy Notice

This generic employee privacy notice sets out the basis upon which you process personal information of your staff or employees of your business. It has been drafted to co-align with POPIA’s eight conditions for the lawful processing of personal information. This generic Employee Privacy Notice can be incorporated by reference into your Global Group Enterprise’s or member companies’ employment contracts, recruitment documents, internal employment procedures & guidelines or protocols. Simply download the document and apply to your business. If you require our help to customise the generic document, get in touch.

Data Processing Agreement

This generic Data Processing Agreement (DPA) regulates the Ts&Cs of how the processor shall process personal information about data subjects on behalf of the controller. If a member company in your Global Group Enterprise uses external third party service providers, vendors or suppliers to assist in the processing of personal data on its behalf, it is recommended that a DPA be put in place to ensure both parties know the scope and purpose of the personal data processing; what data is processed and how it should be protected; the relationship between the controller and the processor; and the necessary indemnities, security and protections. Simply download the document and apply to your business. If you require our help to customise the generic document, get in touch.


Introduction to POPIA Knowledge Session Video

This recorded introduction to POPIA video is based on our awareness training session – Sowing the Seeds of Compliance – and provides a high-level overview of the basics of POPIA:

  • What is POPIA?
  • What does POPIA aim to do?
  • Why do I need to protect personal information?
  • Why do I need to comply with POPIA? Penalties for non-compliance
  • Who is who in respect of POPIA? Important terms and key role players
  • Who is the Information Regulator & the Information Officer?
  • Does POPIA apply to my business?
  • Conditions for lawful processing of personal information.
  • Guidance steps on a POPIA compliance journey & Where to start.

Intra-Group Transfer Agreement (Global)

This generic Intra-Group Data Transfer Agreement sets out the terms and conditions in which any member company of a Global Group Enterprise may transfer personal data to another member company in the group. Simply download the document and apply to your Global Group Enterprise. If you require our help to customise the generic document, get in touch.


OneTrust GDPR vs. POPIA Guide

The Guide provides a comparative overview of the differences and similarities between the European Union’s data protection law – the General Data Protection Regulation (EU) 2016/679 (GDPR) and South Africa’s ). If you are an organisation that may be required to comply with both the GDPR and POPIA, this Guide provides a high-level overview of the fundamental differences and similarities between the two laws and covers:

  1. When is compliance with the GDPR and/or POPIA required?
  2. What types of processing are covered/exempted?
  3. Key data protection concepts and how each concept is addressed under POPIA and the GDPR
  4. Recommended guidance steps and how each step is treated under each law

Information Officer Appointment Letter

Every responsible party has an information officer. The default position is that the Information Officer is the head of the body (CEO / managing director). The CEO or managing director may, in writing, designate and authorise any natural person within the body to act as the Information Officer.

What does the appointment letter cover?

  • enables the head of the body to change the default position and appoint and authorise a person within the organisation to fulfil the role of the Information Officer.
  • sets out that Information Officer’s duties and responsibilities
  • makes provision for recommended indemnities for the role
  • makes provision for recommended duties of the responsible party to support the Information Officer in performance of their role
  • incorporates the registration requirements for Information Officers to be registered with the Information Regulator
  • can be customised for your organisation’s requirements

Board Resolution

This generic board resolution aims to enable a private or public body (e.g. company, close corporation, partnership), as a responsible party under POPIA, to adopt implementation measures to comply with POPIA and PAIA. It covers:

  • Resolve to compliance measures commencing (gap analysis or audit report and high impact assessments being conducted)
  • Resolve to recognised head of the body as the automatically appointed information officer
  • Resolve to designation and authorisation of information officer (IO) from the head of the body to another person within the body
  • Resolve to authorisation of deputy information officer(s) (DIO)
  • Resolve to IO’s and DIO’s registration with the Information Regulator
  • Resolve to general duties and responsibilities of the information officer
  • Signed by acting chairperson of the board of the body