POPI Act Compliance Health Check

1. Have we appointed an Information Officer? (Accountability)*
2. Have we established a formal POPI project with scope, budget, timescale, etc? (Accountability)*
3. Do we have a policy for dealing with Personal Information protection issues? (Accountability)*
4. Can we prove we have trained our staff in their duties and responsibilities under the Act, and are they putting them into practice? (Accountability)*
5. Can we show the Personal Information gathered is not excessive? (Minimality)*
6. Do we know what we are going to use the Personal Information for? (Specific purpose)*
7. Can we prove that the people whose Personal Information we hold know that we’ve got it, and are they likely to understand what it will be used for? (Consent)*
8. Do we have a POPI-compliant privacy notice on our website? (Consent)*
9. Do we have procedures in place to deal with the notification of security compromises? (section 22)*
10. Can we prove we are respecting the rules about Special Personal Information? (Special Personal Information)*
11. Can we prove the Personal Information is accurate and up to date? (Information Quality)*
12. If we are asked to pass on Personal Information, are our staff clear about when the Act allows them to do so? (Further Processing)*
13. Can we prove the Personal Information is being held securely, whether it is on paper or on computer or any other format? (Security safeguards)*
14. Do we have an up-to-date PAIA manual on our website? (Openness)*
15. Can we prove access to Personal Information is limited only to those with a strict need to know? (Security safeguards)*
16. Do we delete/destroy Personal Information as soon as we have no more need for it? (Effective destruction & Retention Periods)*
17. Do we have a process to handle Data Subject requests? (Information Officer)*
18. Can we prove we are complying with the rules about Electronic Direct Marketing? (Chapter 8)*
19. Can we prove we are complying with the rules about Transborder flows? (Chapter 9)*
20. Do we have a plan to sustain ongoing compliance? (All aspects)*