As POPIA came into full effect only in mid-2021, there is limited literature available on the subject, and no specific studies could be identified concerning levels of awareness amongst both data subjects and responsible parties.
There is thus a need to conduct primary research in order to ascertain awareness levels amongst both responsible parties and data subjects. The evidence-based results of a scientifically credible research study will enable the Regulator to implement relevant awareness and educational programmes aimed at increasing awareness levels on POPIA for different groups in society, thereby contributing to increased compliance and exercising of rights by responsible parties and data subjects, respectively.
The study design, protocols, questionnaire, and other relevant materials were reviewed and approved by the HSRC Research Ethics Committee.
Click here to download the Report:
https://inforegulator.org.za/wp-content/uploads/2020/07/POPIA-summary-report.pdf
Relevance to Auditors, Independent Reviewers & Accountants:
POPIA is another piece of legislation that your clients must comply with, and which you must assess compliance with. If they don’t comply with the relevant laws and regulations, you have certain reporting obligations in terms of NOCLAR (Non-Compliance with Laws And Regulations) – this could include reporting to management, qualifying your audit opinion, reporting a Reportable Irregularity, etc.
As an auditor, accountant and independent reviewer, you need to consider updated information that is published by the Information Regulator (as they are responsible for POPIA in SA) – especially as it relates to operational functionalities, as well as general awareness of the act.
As an employer, you also need to comply with POPIA in your workplace.
Relevance to Your Clients:
An entity (company or close corporation) has a duty to comply with POPIA, and directors have to fulfill their duties accordingly, otherwise, they could be held liable.
Your clients need to consider updated information that is published by the Information Regulator (as they are responsible for POPIA and PAIA in SA) – especially as it relates to operational functionalities and general awareness.