POPI Compliance Checklist

The POPI compliance checklist provided below will help you to answer 20 key questions about your compliance with the Act.  Please complete the form below and we will send a report and score to you.  

This Form cannot be submitted until the missing fields (labelled below in red) have been filled in

Please note that all fields followed by an asterisk must be filled in.

First Name*

Last Name*

E-Mail Address*

1. Have I appointed an Information Officer? (Accountability)*

Yes No Don’t know Not applicable

2. Do I have a policy for dealing with data protection issues? (Accountability)*

Yes No Don’t know Not applicable

3. Can I prove I have trained my staff in their duties and responsibilities under the Act, and are they putting them into practice? (Accountability)*

Yes No Don’t know Not applicable

4. Do I really need this information about an individual? (Minimality)*

Yes No Don’t know Not applicable

5. Do I know what I’m going to use it for? (Specific purpose)*

Yes No Don’t know Not applicable

6. Can I prove I that the people whose information I hold know that I’ve got it, and are they likely to understand what it will be used for? (Consent)*

Yes No Don’t know Not applicable

7. If I want to put staff details on our website have I consulted with them about this? (Consent)*

Yes No Don’t know Not applicable

8. If I use CCTV, are the cameras in the right place and am I displaying notices telling people why I have CCTV? (Consent)*

Yes No Don’t know Not applicable

9. If I want to monitor staff, for example by checking their use of email, have I told them about this, explained why and got their consent? (Consent)*

Yes No Don’t know Not applicable

10. Can I prove I am respecting the rules about Special Personal Information? (Special Personal Information)*

Yes No Don’t know Not applicable

11. Can I prove I the personal information is accurate and up to date? (Information Quality)*

Yes No Don’t know Not applicable

12. Would my staff know what to do if one of my employees or individual customers asks for a copy of information I hold about them? (Openness)*

Yes No Don’t know Not applicable

13. Can I prove I the personal information is being held securely, whether it’s on paper or on computer or any other format? (Security safeguards)*

Yes No Don’t know Not applicable

14. What about my website? Is it secure? (Security safeguards*

Yes No Don’t know Not applicable

15. Can I prove I access to personal information is limited only to those with a strict need to know? (Security safeguards)*

Yes No Don’t know Not applicable

16. If I’m asked to pass on personal information, am I and my staff clear when the Act allows me to do so? (Further processing)*

Yes No Don’t know Not applicable

17. Do I delete/destroy personal information as soon as I have no more need for it? (Effective destruction & Retention Periods)*

Yes No Don’t know Not applicable

18. Do I need to notify the Information Regulator? (Information Officer)*

Yes No Don’t know Not applicable

19. Can I prove I am complying with the rules about Electronic Direct Marketing?*

Yes No Don’t know Not applicable

20. Can I prove I am complying with the rules about Transborder flows?*

Yes No Don’t know Not applicable

Please enter the word that you see below.

Please contact us if you would like to discuss your requirements and how we can be of assistance to you.

Please click here to go from the POPI Compliance Checklist page to the POPI Services page where you can view our range of IT Governance and Management services.

[Home]          [Top]       [Contact]