Considering the just announced POPIA “go live” date, Ilze Luttig Hattingh of Novation Consulting, advises on seven things you can do to kickstart your POPIA compliance project – even during a worldwide pandemic:
| 1. | Assemble a project team |
| 2. | Do an information governance (IG) maturity assessment |
| 3. | Work out a high-level project plan |
| 4. | Work out a budget |
| 5. | Do a preliminary investigation |
| 6. | Review your current policies |
| 7. | Draft your POPIA Compliance Framework |
How should you action a preliminary investigation?
Hattingh advises that a good starting point is to set up some time with senior managers and get a sense of where and how your organisation uses personal information. She identifies a few questions you should answer:
| ● | What customer information do you collect? |
| ● | How do you collect it? |
| ● | Where is it stored? |
| ● | What employee information do you have and where do you store it? |
| ● | What services providers do you use that have access to your customer or employee information? |
| ● | Do you do direct marketing? How? |
| ● | Do you sell datasets that contain personal information? |
It’s also important to review your current policies and to draft a POPIA Compliance Framework.
The framework should:
| ● | Define the aim and principles of your POPIA compliance programme. |
| ● | Identify the roles and responsibilities within the programme. |
| ● | Include a policy development and alignment plan. |
| ● | Set out a policy implementation plan. |
| ● | Describe your approach to risk assessments. |
| ● | Describe your approach to compliance monitoring. |
Click here to read the article, as well as access other insightful content.
Don’t be lulled into a false sense of complacency, thinking you still have a year to get your ducks in a row. Now may be the best time, while we wait for the pandemic to pass.
