PoPI Act Checklist & Compliance Roadmap

Do you collect, store or archive any personal information about a South African individual or business, in any format? If so, you are a "responsible party" under the Protection of Personal Information Act (PoPIA), and the Information Regulator holds you accountable and liable for the security and integrity of that information.

Many individuals and organisations believe they are exempt from PoPI Act compliance because of the size or nature of their business, or the way they collect and store data. They are not: the Act's exclusions (for example, processing in the course of a purely personal or household activity) are narrow, and there is no exemption based on the size of an organisation.

Every individual in the organisation must understand what compliance with the Protection of Personal Information Act requires of them, and must be involved in the PoPI Act plan for it to succeed.

“Data Subject” – The person to whom the personal information relates. Under PoPIA this includes both natural persons (individuals) and juristic persons (companies and other organisations).

“Personal Information” – Information relating to an identifiable Data Subject, such as contact details, identifying numbers, financial, employment or medical history, biometric information, and opinions about the person. It need not be confidential to be protected.

PoPI Act Questions to Consider
  • How did you obtain the information?
  • Why do you have the information?
  • What information do you have?
  • Where do you store and secure the information?
  • Who controls and has access to the information?
  • When did you obtain the information?
  • From where did you obtain the information?

If you or your company cannot answer any of these questions from a documented policy and procedure, you are exposed to the penalties PoPIA provides for non-compliance.

PoPI Act Compliance Checklist

Recommended steps:

  • Appoint an Information Officer and register them with the Information Regulator
  • Secure your infrastructure with appropriate technical measures, at minimum a managed firewall and endpoint protection (PoPIA section 19 requires "appropriate, reasonable technical and organisational measures" to secure personal information)
  • Answer the questions listed above, and record the answers as policy
  • Complete a PoPIA self-assessment checklist
  • Perform a gap analysis against the Act's requirements
  • Formulate a compliance plan to close the gaps
  • Provide workplace training so that staff understand their obligations
  • Conduct a cyber security, website security and mobile application vulnerability assessment on your infrastructure and network
  • Ensure data destruction procedures are in place (secure wiping or physical destruction of end-of-life hard drives and other media, including paper records) so that personal information cannot be reconstructed
  • Deploy your PoPIA plan
  • Engage a legal firm or compliance specialist to review and confirm your compliance position
  • Maintain your PoPI compliance plan and review it regularly