Considering the just announced POPIA “go live” date, Ilze Luttig Hattingh of Novation Consulting, advises on seven things you can do to kickstart your POPIA compliance project – even during a worldwide pandemic:
1. Assemble a project team
2. Do an information governance (IG) maturity assessment
3. Work out a high-level project plan
4. Work out a budget
5. Do a preliminary investigation
6. Review your current policies
7. Draft your POPIA Compliance Framework
How should you action a preliminary investigation?
Hattingh advises that a good starting point is to set up some time with senior managers and get a sense of where and how your organisation uses personal information. She identifies a few questions you should answer:
● What customer information do you collect?
● How do you collect it?
● Where is it stored?
● What employee information do you have, and where do you store it?
● Which service providers do you use that have access to your customer or employee information?
● Do you do direct marketing? How?
● Do you sell datasets that contain personal information?
It’s also important to review your current policies and to draft a POPIA Compliance Framework.
The framework should:
● Define the aim and principles of your POPIA compliance programme.
● Identify the roles and responsibilities within the programme.
● Include a policy development and alignment plan.
● Set out a policy implementation plan.
● Describe your approach to risk assessments.
● Describe your approach to compliance monitoring.
Don’t be lulled into complacency by the thought that you still have a year to get your ducks in a row. Now may be the best time to start, while we wait for the pandemic to pass.