Advanced Compliance Checklist


POPI Act Compliance Full Self Assessment. (30 Points of Compliance)

Selections cannot be changed, so please ensure your responses are correct.

This is not an official assessment and is purely informative.


By using this service, you hereby consent to the data collection of the assessment by clicking "Next".

Has your company appointed an Information Officer?
Has your company established a formal POPI project with scope, budget, timescale, etc?
Does your company have a policy for dealing with Personal Information protection issues?
Can your company prove you have trained your staff in their duties and responsibilities under the Act, and are they putting them into practice?
Can your company show the Personal Information gathered is not excessive?
Does your company know what you are going to use the Personal Information for?
Can your company prove that the people whose Personal Information you hold know that you have it, and are they likely to understand what it will be used for?
Do you have a POPI-compliant privacy notice on your website?
Do you have procedures in place to deal with the notification of security compromises?
Are there safeguards in place to ensure the lawful processing of children's personal information?
Can you prove the Personal Information is accurate and up to date?
If you are asked to pass on Personal Information, is your staff clear when the Act allows them to do so?
Can you prove the Personal Information is being held securely, whether it is on paper or on computer or any other format?
Do you have an up-to-date PAIA manual on your website?
Does your business have controls in place to ensure its processing of personal information is lawful?
Is there a system in place to ensure the correct application of processing exceptions?
Does your business have a system in place to obtain prior authorisation?
Does your business adhere to the code of conduct for its particular industry?
Is your business aware of the data subject’s rights in respect of direct marketing?
Does your business take steps to avoid penalties, fines and administrative fines?
Is your business aware of the fees applicable to it under this act?
Can you prove access to Personal Information is limited only to those with a strict need to know?
Do you delete/destroy Personal Information as soon as you have no more need for it?
Do you have a process to handle Data Subject requests?
Can you prove you are complying with the rules about Electronic Direct Marketing?
Can you prove you are complying with the rules about Transborder flows?
Do you have a plan to sustain ongoing compliance?
Have you conducted an infrastructure vulnerability assessment?
Is your website POPI compliant?
Do you offer POPI Compliance staff training?

Congratulations on taking your first step to become POPI Act Compliant.

Advanced Assessment Date: May 21, 2022 (30 Points of Compliance)

Please complete your contact information then click "Submit" below to see your results.