Many people ask us if we can help them (or their organisation) to become POPI Certified or obtain a POPI certification. The Protection of Personal Information Act (POPI Act or POPIA) does not specify how to become POPI Certified, and the Information Regulator has not yet set up a system allowing for POPI certification.
There is no such thing as POPI Certified or POPI Certification
At the moment, there is no such thing as POPIA certification or GDPR certification. No one can give you a certification currently. Regards POPIA, we believe that in the future, the Information Regulator will follow the system set out by various other data protection laws, such as the GDPR. Until then, we can help you to show that you are POPIA Ready.
Build trust with your data subjects or responsible parties.
If you are part of a Michalsons data protection programme, you can use the Michalsons POPIA Ready Seal. You can display the seal on all websites, cloud offerings, apps, or advertising solutions. Michalsons is one of the leading law firms selected by many to help them comply with POPIA.
The Michalsons POPIA Ready Seal is recognised in South Africa by consumers, businesses, associations, and regulators as demonstrating that the organisation using the seal is taking active steps towards data privacy best practices. It is a way to show that an organisation is ready for POPIA. We can grant the seal to an organisation, a product or a service. Certification is very closely related to the issue of codes of conduct.
Who is it for?
- Responsible parties who want to demonstrate to their data subjects that they take their privacy seriously.
- Vendors that provide solutions that help solve the POPIA problem. For example, an opt-out register.
- Operators who process a lot of personal information for others and want to demonstrate to their responsible parties that they take POPIA seriously and are trustworthy.
What does the seal mean to data subjects and responsible parties?
It means that the organisation displaying the seal:
- takes privacy seriously,
- respects the privacy of data subjects,
- is open about how they process personal information,
- has committed to do what is reasonably practicable to protect personal information, and
- is going through a Michalsons data protection programme.
It does not mean that the organisation:
- Complies 100% with POPIA. POPIA involves a balancing of rights and interests. Nobody can say they absolutely comply with POPIA. It is just not that kind of law.
- Will protect personal information all the time. Personal information must flow freely for society to function. A balance between the free flow and the protection of personal information is needed.
Requirements of POPIA Ready Seal
If you wish to display the Michalsons POPIA Ready Seal your organisation must meet all of the requirements.
- At least one representative from your organisation must have attended a public or private Michalsons Data Protection Compliance Workshop.
- Your organisation must have appointed your Information Officer and registered them with the Information Regulator (when possible).
- Your organisation must have completed the key modules that are relevant to your organisation from the data protection programme your organisation has joined.
What does it cost?
The fee to join the programme includes your organisation using the seal for 12 months. It is one of the benefits of being a member. There will be an additional annual fee thereafter, which we still have to determine. Obviously, if you are not happy with the fee, you can choose to stop using the seal. We reserve the right to terminate our seal programme at the end of any period for which members have paid in advance.