POPIA Compliance – Privacy Basic Checklist

Do you need to collect personal information?

Ensure there is a true business need for the information.

Are you only requesting the minimum information required?

Resist the temptation to collect additional information that you “might” need in the future.

Are you informing the individual why you need it and what it will be used for?

If the information will be handled by a third party, is that clearly disclosed?

Have third parties involved in handling personal information been properly vetted, and is appropriate contract language in place?

The Information Officer can assist.

Is personal information properly secured?

Follow your office security standards and consult with the Information Officer. Most notably, limit access to personal information to only those who need to know.

Do you have a data retention plan that includes a schedule to delete personal information when it is no longer needed?

Have a plan for deleting old information and have processes that ensure information is cleaned up according to that plan.

Are you aware of POPIA or contractual requirements regarding privacy or security?

Be sure you know your obligations and come up with processes to meet them. This may mean meeting specific security standards, minimum/maximum data retention requirements or other required steps.

Know how you will handle privacy-related questions and requests.

The Information Officer can assist.
