The POPI Act Compliance Plan & Implementation Guide

Do you collect, store or archive any personal or corporate information about any South African individual or business in any format? If so, the Information Regulator holds you accountable & liable for the security & integrity of that information.

Many individuals & organisations believe they are exempt from POPI Act compliance due to the size and nature of their business, data collection & storage methods. No organisation or individual is exempt.

It is the responsibility of every individual in the organisation to understand compliance in terms of the Protection of Personal Information Act and to be involved in the POPI Act Plan for it to be successful.

Data Subject – Organisation or Individual the information is attached to

“Personal Information” – Identifiable, Personal & Confidential data of a Data Subject

POPI Act Plan Questions
  • How did you obtain the information?
  • Why do you have the information?
  • What information do you have?
  • Where do you store and secure the information?
  • Who controls and has access to the information?
  • When did you obtain the information?
  • From where did you obtain the information?

If any of these checkpoints are not driven by policy & procedure, by you or your company, POPIA suggests you are liable & accountable for the associated penalties.

POPI Act Compliance Checklist

POPI Act Compliance Guide:

  • Appoint an Information Officer
  • Secure your infrastructure with a Managed Firewall & Antivirus
  • Answer these questions
    • How did you obtain the information?
    • Why do you have the information?
    • What information do you have?
    • Where do you store and secure the information?
    • Who controls and has access to the information?
    • When did you obtain the information?
    • From where did you obtain the information?
  • Conduct an Advanced POPIA Self Audit
  • Perform a GAP Analysis
  • Formulate a Plan
  • Conduct a cyber security, website security & mobile application vulnerability assessment on your infrastructure & network
  • Deploy your POPIA Plan
  • Contact a legal firm for compliance confirmation and accreditation
  • Maintain your POPI Compliance