POPIA, a piece meal.
The POPIA (Protection of Personal Information Act) came into effect on the 1st of July 2020. Consequently, it is no longer a question of when she will arrive but rather: will you accept her invitation to ensure you are compliant by 1 July 2021?Ever since the POPIA became a topic of discussion, you have been inundated with warnings of compliance and general fearmongering on the consequences of non-compliance. Although there is merit in these warnings, POPIA-compliance is not as daunting as it may seem at first glance.
As the adage goes: How do you eat an elephant? One bite at a time. Depending on your organisation, compliance might indeed be an elephant, or it might be an impala. No matter the size, the process remains the same and we are here to assist you.
To start you off, we created the short questionnaire, below. The POPIA-conditions are not selective, all must be adhered to. Consequently, should you answer no on any of these questions, you are not POPIA compliant.

1Purpose
Have we appointed someone to ensure our lawful processing of Personal Information?
Yes/No
Yes/No
2Limitation
Have we determined the reasons and minimum amount of Personal Information needed from Data Subjects?
Yes/No
Yes/No
3Purpose
Have we determined which of POPI’s processing purposes are applicable to us?
Yes/No
Yes/No
4Further processing
Do we have a Plan of Action for when we need to process Personal Information further than originally indicated?
Yes/No
Yes/No
5Quality
Do we have a Plan of Action in place to ensure we collect & process accurate Personal Information?
Yes/No
Yes/No
6Openness
Do we notify data subjects that we collect their Personal Information and provide reasons?
Yes/No
Yes/No
7Safeguards
Do we sufficiently protect the Personal Information under our control against tampering, deletion and unauthorised access?
Yes/No
Yes/No
8Safeguards
Do we send Personal Information across RSA Borders? If so, is it sufficiently protected there?
Yes/No
Yes/No
9Safeguards
Do we have an agreement with third party(ies) that process Personal Information for our business (including hosting of Personal Information)?
Yes/No
Yes/No
10Participation
Do we have a process to assist Data Subjects to amend or delete their Personal Information?
Yes/No
Yes/No
Please note that the above questionnaire is not the entire meal. It is closer to an entrée – providing an overview of requirements to assist organisations in better visualising and understanding the road forward.
If you answered "no" to any of the above-mentioned questions, contact Gerrie van Gaalen at dataprotection@dkvg.co.za.
For the main course, we have created a checklist to identify the main ingredients, which upon completion, will get you to dessert – a perfect slice of POPIA-compliance. We will gladly work through the list with you, all you need to do is make a booking.
If you answered "no" to any of the above-mentioned questions, contact Gerrie van Gaalen at dataprotection@dkvg.co.za.
For the main course, we have created a checklist to identify the main ingredients, which upon completion, will get you to dessert – a perfect slice of POPIA-compliance. We will gladly work through the list with you, all you need to do is make a booking.