POPI Act Compliance
Our commitment to protecting your personal information
MediSens (Pty) Ltd is fully compliant with the Protection of Personal Information Act, 2013 (POPI Act). We take our obligations as a responsible party seriously and have implemented comprehensive measures to ensure the lawful processing of personal information.
Our Compliance Framework
ISO 27001 Aligned ISMS
Information Security Management System aligned with international standards for comprehensive data protection
ISO 27701 Aligned PIMS
Privacy Information Management System ensuring enhanced privacy protection and compliance
South African Data Residency
All data stored exclusively within South Africa, never crossing international borders
POPI Act Compliance
Full adherence to all eight conditions for lawful processing of personal information
The Eight Conditions of POPI
MediSens complies with all eight conditions for the lawful processing of personal information:
Accountability
We have appointed an Information Officer and implemented measures to ensure compliance
Processing Limitation
We process information lawfully, with consent, and only for specified purposes
Purpose Specification
Collection purposes are specific, explicitly defined, and communicated to data subjects
Further Processing Limitation
Further processing is compatible with original collection purposes
Information Quality
We ensure personal information is complete, accurate, and up to date
Openness
We maintain transparent documentation and communicate our processing practices
Security Safeguards
Appropriate technical and organizational measures protect personal information
Data Subject Participation
Data subjects can request access, correction, and deletion of their information
Data Security Measures
We implement comprehensive security measures including:
- End-to-end encryption for data transmission
- Encrypted storage of sensitive information
- Multi-factor authentication options
- Regular security audits and penetration testing
- Access controls and role-based permissions
- Continuous monitoring for security threats
- Incident response and breach notification procedures
- Regular staff training on data protection
Your Rights as a Data Subject
Under the POPI Act, you have the right to:
- Be notified that your personal information is being collected
- Know whether we hold personal information about you
- Request access to your personal information
- Request correction or deletion of your information
- Object to the processing of your information
- Request that processing be restricted
- Submit a complaint to the Information Regulator
- Institute civil proceedings for damages
Information Officer
Our designated Information Officer is responsible for ensuring POPI Act compliance and handling data subject requests. Contact details:
Breach Notification
In the unlikely event of a data breach that may cause harm to data subjects, we will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects directly if the breach poses a significant risk
- Take immediate steps to secure systems and prevent further breaches
- Investigate the cause and implement corrective measures
- Document the breach and our response for regulatory review
Compliance Audits
MediSens undergoes regular internal and external audits to ensure ongoing compliance with the POPI Act and alignment with ISO 27001 and ISO 27701 standards. Our compliance program includes:
- Annual compliance reviews and gap analyses
- Regular privacy impact assessments
- Continuous monitoring of data processing activities
- Staff training and awareness programs
- Vendor and third-party compliance assessments
Contact the Information Regulator
If you have concerns about our data processing practices or wish to lodge a complaint, you may contact the Information Regulator:
Information Regulator South Africa
JD House, 27 Stiemens Street
Braamfontein, Johannesburg, 2001
Website: www.justice.gov.za/inforeg
Email: inforeg@justice.gov.za
Our Commitment to You
At MediSens, we believe that protecting your personal information is not just a legal requirement—it's a fundamental aspect of the trust you place in us as healthcare professionals. We are committed to maintaining the highest standards of data protection and privacy, ensuring that your information remains secure, confidential, and under your control.