South African legislation contains obligations that have a wide variety of implications for the management of information and technology by public and private bodies operating in South Africa. These include:
- Information assets need to be identified
- Retention of certain types of records
- Promotion of easy access to information
- Maintain a register of documents received and dispatched
- Information classification Information protection when stored and processed
- Physical security and access control
- Identification of individuals entering premises
- Preservation of secrecy
- Record of all the reproductions of classified documents is to be maintained
- Disaster recovery and contingency planning
- Effective internal controls
- Admissibility and evidential weight of data messages
- Data destruction.
The POPIA Legal Register summarises these obligations for ease of reference. This legal register is an important source of information when responsible parties examine the legal basis for processing personal information in their business processes. The POPIA platform can include a Legal Register for your organisation with descriptions of the compliance issue, implementation requirement and status for each legal obligation.