EAST RAND WALLING (PTY) LTD (“ERW”) POPIA COMPLIANCE UPDATE

The Protection of Personal Information Act, 4 of 2013 (“POPIA”) came into effect on 1 July 2020. POPIA regulates how personal information of natural and juristic entities must be processed (“data subjects”) and sets out certain obligations that must be complied with when processing personal information.

POPIA provides for a 1 year grace period during which a responsible party (party responsible for processing the personal information of data subjects) must ensure compliance with the provisions of POPIA.

What is ERW doing in order to ensure compliance with POPIA?

1. Accountability
   The responsible party must implement measures to ensure compliance with the lawful processing conditions
2. Processing Limitation
   The purpose of the processing of personal information must be justifiable and must take place in a lawful, reasonable and non-excessive manner.
3. Purpose Specification
   Personal information must be collected and processed for a specific and defined purpose
4. Further Processing Limitation
   Personal information may not be processed for a further purpose where such purpose is not compatible with the original purpose of the collection or where so authorised by the Information Regulator
5. Information Quality
   The responsible party must ensure the personal information being processed is complete, accurate, not misleading and updated where necessary
6. Openness
   The responsible party must notify the data subject of its processing activities
7. Security Safeguards
   The responsible party must implement security safeguards to ensure the integrity and confidentiality of the personal information is protected
8. Data Subject Participation
   Data subjects have certain rights in terms of their personal information held by a responsible party, which includes requesting access thereto and the correction or deletion thereof.
   ERW has compiled a robust POPIA Compliance Programme that is currently being rolled out internally which addresses the above mentioned lawful processing conditions as well as all other requirements set out under POPIA.

ERW POPIA Compliance Programme

Under the POPIA Compliance Programme, ERW has:

1. Reviewed its internal processes and created new processes to ensure compliance with the lawful processing conditions, including processes related to the collection, storage and destruction of personal information;
2. Updated our internal policies to allow for the monitoring of compliance with the provisions of POPIA;
3. Created a Privacy Policy, which will apply to ERW, its dealers and any third parties processing personal information on behalf of ERW, requiring compliance with the provisions of data privacy legislation, including POPIA, when processing personal information;
4. Reviewed and updated all our agreements to provide for data privacy and protection in accordance with the requirements of POPIA;
5. Implementing new and updating current security safeguards to ensure the proper protection of personal information processed by ERW;
6. Created a process which allows data subjects to request access to, or the correction or deletion of their personal information held by ERW;
7. Provided training to the various business areas within ERW to ensure they remain aware and up to date of their obligations under POPIA;
8. Created a Privacy Statement to ensure data subjects are notified of all of ERW’s processing activities in relation to their personal information;
9. Improved ERW’s security and data breach processes to meet the requirements of POPIA.

What is the impact of POPIA on ERW’s stakeholders, business partners, customers, dealers, suppliers, service providers and other third parties?

ERW is committed to protecting individual and corporate personal information. ERW will only process personal information in accordance with the provisions of POPIA and other applicable data privacy legislation.
In order to ensure compliance, ERW may contact you to request consent for specific processing activities, require you to sign a new agreement or addendum to provide for data privacy provisions, ask you to complete an additional form or document, request you to verify and/or update your personal information or any other ad-hoc request which relates to complying with the provisions of POPIA.
Please view our Privacy Statement on www.erw.co.za for further details on ERW ’s processing activities. If you have any questions, please contact us on io@erw.co.za.
Where you are processing ERW personal information, or processing personal information on behalf of ERW, such processing must take place in accordance with ERW’s Privacy Policy which will be shared with you by ERW and will be available upon request.