POPIA ACT POLICY
INTRODUCTION
The Protection of Personal Information Act (POPIA) aims to regulate the processing of personal information. As a TVET College, we are committed to protecting the personal information of our students, staff, and stakeholders.
PURPOSE
This policy outlines our approach to processing personal information in compliance with POPIA.
SCOPE
This policy applies to all personal information collected, stored, or processed by Bophelo Institute.
DEFINITIONS
- Personal information: Any information relating to an identifiable, living, natural person.
- Processing: Any operation or set of operations performed on personal information.
- Responsible party: Bophelo Institute, as the entity responsible for determining the purpose and means of processing personal information.
PRINCIPLES
We will process personal information in accordance with the following principles:
- Accountability
- Lawfulness
- Minimality
- Purpose specification
- Further processing limitation
- Information quality
- Openness
- Security safeguards
- Data subject participation
PERSONAL INFORMATION PROCESSED
- Student information: names, dates of birth, contact details, academic records.
- Staff information: names, dates of birth, contact details, employment records.
- Stakeholder information: names, contact details.
PURPOSES OF PROCESSING
- Student administration and academic management.
- Staff administration and human resources management.
- Stakeholder engagement and communication.
CONSENT
We will obtain consent from data subjects before processing their personal information.
DATA SUBJECT RIGHTS
Data subjects have the right to:
- Access their personal information.
- Correct or update their personal information.
- Delete their personal information.
- Object to the processing of their personal information.
SECURITY MEASURES
We will implement the following security measures:
- Access controls
- Data encryption
- Firewalls and intrusion detection
- Incident response plan
BREACH NOTIFICATION
In the event of a security breach, we will notify the relevant authorities and affected data subjects.
COMPLIANCE
- Regular audits and risk assessments.
- Staff training and awareness programs.
- Review and update of this policy.
REVIEW AND UPDATE
This policy will be reviewed and updated regularly to ensure compliance with POPIA.
