Privacy Policy Implementation Guide

1. Purpose & Overview

Goal: Ensure compliance with GSS’s Privacy Policy & the Protection of Personal Information Act (POPIA).

Scope: Covers all GSS employees, third-party providers & affiliates.

2. Definition & Key Terms

Define terms like Data Subject, Responsible Party & Data Breach for clarity, aligning with both PAIA Manual & Privacy Policy.

3. Collecting Personal Information

Collect information directly when possible.

Ensure that all data collection complies with legal requirements & Data Subjects are informed of the purpose.

4. Processing Personal Information

Process data only when there’s a legal basis & for disclosed purposes – if you need to gather personal information, remember to ensure that consent is given, express or implied.

Allow Data Subjects to withdraw consent if processing is based on consent.

Use secure systems & workflows to document processing activities.

5. Data Accuracy & Minimization

Accuracy: Follow PAIA guidelines to verify & update personal data regularly, especially for employment or customer information.

Minimization: Only collect & retain the minimum amount of data necessary.

6. Privacy Practices for Data Security

6.1 Password Protection & Access Control

Use unique, strong passwords for all systems & documents containing sensitive data.

Restrict data access to employees on a “need-to-know” basis, using unique user IDs for accountability.

6.2 Data Encryption

Encrypt sensitive data files & emails when sharing or storing them.

Require password-protected attachments for sensitive information shared by email.

6.3 Devices & Network Security

Install antivirus software on devices.

Conduct regular vulnerability scans & monitor networks as outlined in the PAIA Manual to detect threats.

6.4 Physical Security Measures

Restrict physical access to areas where data is stored with keycards or biometric controls.

Implement a clear-desk policy & lock all sensitive files when not in use.

6.5 Secure Disposal of Data

Shred or securely delete all data no longer needed, according to the retention policies outlined in the PAIA Manual.

For digital data, follow secure erasure techniques to prevent data reconstruction.

6.6 Backup & Recovery

Ensure data backups are stored securely, tested regularly & capable of swift recovery in case of data loss.

6.7 Regular Audits & Monitoring

Conduct routine audits of access logs & compliance with privacy practices.

Record & investigate any access irregularities, aligning with PAIA compliance requirements.

7. Data Breach Response

Follow established procedures for detecting & addressing breaches, including notifying affected parties as required by POPIA & the PAIA Manual.

8. Third-Party Data Sharing & Cross-Border Transfers

Ensure third-party compliance with GSS’s privacy standards by formal agreement, particularly for data storage or processing outside South Africa.

9. Data Subject Rights

Facilitate a secure verification process to protect against unauthorized access requests.

10. Employee Training & Awareness

Conduct training on privacy best practices, including phishing & social engineering awareness, as outlined in the PAIA Manual.

Emphasize the importance of reporting security incidents or breaches promptly.

11. Policy Updates & Contact Information

Regularly update the privacy practices & inform employees of changes.

Include contact details for the Information Officer for questions & data requests.