POPI Act Policy
The hospital ensures that individuals associated with the hospital who influences the personal information of the data subject will be listed and instructed to safeguard the personal information.
The hospital acknowledges that the personal information of data subjects needs to be protected. As such, the hospital vows to engage in a risk impact assessment to protect the personal information of the data subject.
The following information is recorded and managed by the POPI officer:
- an inventory of all data subjects and their personal information
- data subject consent and instruction to:
- hold data and reason for data held;
- use data and reason for data used;
- destroy data and reason for the destruction;
- including a time frame on all of the above
- the identities of the data processors
- how the data flows into and through the Company to date of destruction
- how access control is addressed
- reasons for holding subject data
- the purpose of holding subject data
The POPI officer will identify the probability factor of risks for the data subject and actively and annually manage the risks.
30 June 2021