Personal Information Systems

The Personal Information Protection System is the set of documented policies, codes of practice, guidelines and procedures that contribute to attaining compliance with personal information protection regulations.

Personal Information Systems that we SafeGuard include:

  • Payroll, human resources and salary administration
  • Patient information contained within medical records
  • Procurement system information to protect suppliers and combat fraud
  • Customer Relationship Management Systems' client information
Our approach to SafeGuard Personal Information includes:
  • meeting the requirements of the Protection Of Personal Information Bill

  • the quality of the system of measures and procedures in place to achieve and retain compliance

  • the sufficiency of controls in place to ensure sustained compliance.

Governance is about the internal controls around organisation, process and technology the organisation has implemented to ensure that personal data protection is addressed in a transparent, efficient and effective manner.

Good personal data governance requires Management commitment, and:

  • Clearly mapped data processing operations

  • Aligned data protection and business strategy, organizational environment and operational activities

  • Clearly defined roles and assigned responsibilities

  • Organizational commitment shown by adherence to the PDPS

  • Effective processes that prevent and address problems

  • Monitoring compliance and redress mechanisms for non-compliance
 The Protection Of Personal Information Bill
requires YOU to:
  • secure the integrity of personal information you possess/control by  taking appropriate, technical and organisational measures.
  • have due regard to generally accepted information security practices and procedures                                                  Download the bill here
Our Data Protection specialists design smart solutions that enable you to measure compliance by automating costly manual processes.

Personal Information SafeGuard Questionnaire

Key questions that we ask during an assessment include:
  1. What personal data is processed?

  2. Who is the data controller?

  3. Who are the processor(s)?

  4. Which parties supply personal data?

  5. Which parties receive personal data?

  6. Is sensitive personal data processed?

  7. Which departments are involved in the data processing?

  8. For what purpose is personal data collected?

  9. Which information systems are used to process personal data?

  10. Is the personal data also processed manually?

  11. Which data carriers are used for the processing of data?

  12. Is data transferred to other countries?