Many people ask us if we can help them (or their organisation) to become POPI Certified or obtain a POPI certification. The Protection of Personal Information Act (POPI Act or POPIA) does not specify how to become POPI Certified, and the Information Regulator has not yet set up a system allowing for POPI certification.
There is no such thing as POPI Certified or POPI Certification
At the moment, there is no such thing as POPIA certification or GDPR certification. No one can give you a certification currently. Regards POPIA, we believe that in the future, the Information Regulator will follow the system set out by various other data protection laws, such as the GDPR. Until then, we can help you to show that you are POPIA Ready.
If you are part of the Michalsons Compliance Programme | Data Protection, you can use the Michalsons POPIA Ready Seal. You can display the seal on all websites, cloud offerings, apps, or advertising solutions. Michalsons is one of the leading law firms selected by many to help them comply with POPIA.
The Michalsons POPIA Ready Seal is recognised in South Africa by consumers, businesses, associations, and regulators as demonstrating that the organisation using the seal is taking active steps towards data privacy best practices. It is a way to show that an organisation is ready for POPIA. We can grant the seal to an organisation, a product or a service. Certification is very closely related to the issue of codes of conduct.
Who is it for?
- Responsible parties who want to demonstrate to their data subjects that they take their privacy seriously.
- Vendors that provide solutions that help solve the POPIA problem. For example, an opt-out register.
- Operators who process a lot of personal information for others and want to demonstrate to their responsible parties that they take POPIA seriously and are trustworthy.
What does the Michalsons POPIA Ready Seal mean to Data Subjects?
It means that the organisation displaying the seal:
- takes privacy seriously,
- respects the privacy of data subjects,
- are open about how they process personal information,
- have committed to do what is reasonably practicable to protect personal information, and
- is going through the Michalsons POPIA Compliance Programme.
It does not mean that the organisation:
- Complies 100% with POPIA. POPIA involves a balancing of rights and interests. Nobody can say they absolutely comply with POPIA. It is just not that kind of law.
- Will protect personal information all the time. Personal information must flow freely for society to function. A balance between the free flow and the protection of personal information is needed.
Requirements of POPIA Ready Seal
If you wish to display the Michalsons POPIA Ready Seal:
- At least one representative from the organisation must have attended a Michalsons POPIA workshop.
- You must have appointed your Information Officer and registered them with the Information Regulator (when possible).
- You must be participating in (or have completed) the Michalsons Compliance Programme | Data Protection.