PoPI Readiness Assessment

Measure your organisation’s PoPI readiness

What is the purpose of this assessment?

This assessment provides specific questions which will guide your organisation through typical thinking in order to establish your level of readiness. Does your organisation even need to comply with PoPI Act? Each question is aimed at triggering the basic thought process of “what does this mean for us”. The outcome of the assessment should provide the insights to determine your next steps to PoPI compliance. Please note that this assessment is only the first step on your PoPI Act compliance journey and does not constitute a complete solution.

Who should complete this assessment?

The most suitable person to complete this assessment would be someone who is best informed about the processing of Personal Information in your organisation. This candidate should know where it is stored, how it is collected, how long you keep it and what you need it for, based on your business needs.

Assessment

1. Should your organisation comply with the PoPI Act?

YesNoI'm not sure

2. Is your Organisation the Responsible Party who decides how and why Personal Information is collected and/or used?

YesNoI'm not sure

3. Do you make use of the services of Operators/Outsourced Partners and ensure risk assessment and strong contractual controls?

YesNoI'm not sure

4. Does your organisation gather Personal Information directly from the data subject (customers, employees, third parties)?

YesNoI'm not sure

5. Are you domiciled in South Africa?

YesNoI'm not sure

6. Do you process Personal Information in South Africa?

YesNoI'm not sure

7. Are you sure that only the right people have access to the Personal Information your organisation collects and stores?

YesNoI'm not sure

8. Is your organisation transparent with all your data subjects regarding the processing of their Personal Information?

YesNoI'm not sure

9. Does your organisation ask for explicit consent to do direct marketing?

YesNoI'm not sure

10. Does your organisation have measures in place to protect the flow of information across borders?

YesNoI'm not sure

11. Is the Personal Information you process current and accurate?

YesNoI'm not sure

12. Does your organisation have steps to verify your customers' personal information and identity?

YesNoI'm not sure

13. Have you established mechanisms to log, track and monitor privacy incidents?

YesNoI'm not sure

14. Do you process only the minimum Personal Information required to conduct your business operations?

YesNoI'm not sure

15. Has your organisation agreed to comply with the PoPI Act?

YesNoI'm not sure

16. Do you process any of the following Special Personal Information of your customers, employees or third parties?

Religious or philosophical beliefsRace or ethnic originTrade union membership or political persuasionHealth, or sex life or sexual orientationGenetic or biometric information for the purpose of uniquely identifying a natural personCriminal behaviourNone of the above

17. Does your organisation have an Information Officer or at least a Deputy Information Officer?

YesNoI'm not sure

18. Which description best describes your organisation?

We have the capacity to work on compliance to the PoPI Act but we need the experts to guide usWe must comply but have capacity and time constraintsWe are at the beginning of compliance but need a deeper and specific understanding

19. Which option best describes how you would like to take it from here?

I would like to confirm my understanding of the PoPI Act by doing more researchI would like to consult a PoPIA specialistI would like you to contact us to assess a potential way forward

20. I understand the consequences of not being compliant to the PoPI Act.

YesNoI'm not sure

Your Information

First Name

Last Name

Email Address

Organisation

Your role in your organisation