Gap Analysis

Self-Assessment

Follow the guidance from our experts on identifying the POPIA obligations your organisation must address. Complete the assessment yourself, online. Record the current status of compliance and identify key action items for attention before 1 July 2021.

Completeness of your preparation is crucial to demonstrating commitment to the protection of personal information. The POPIA regulation 4(a) requires that a compliance framework be developed, implemented, monitored and maintained. This self-assessment will assist you develop a compliance framework for your organisation. It will help you plan, organise, direct and control the work required to comply with the conditions for the lawful processing of personal information and enable data subjects to exercise their rights.

This assessment is performed online and will include:

  • Governance and accountability
  • Compliance framework
  • Personal information being processed
  • Records of processing operations
  • Data minimisation
  • Personal information impact assessments
  • Lawful bases when personal information is processed
  • Register of data protection risks
  • Control of information exchanges and trans-border transfers
  • Transparency about processing data subjects’ information
  • Validation of operator assertions of compliance
  • Control of outsourced processing
  • Technical and organisational measures to protect information
  • Enabling data subject rights, implementing the necessary measures and systems
  • Managing the information life-cycle
  • Maintaining information quality
  • Maintaining awareness amongst staff, provide data protection education
  • Managing consent for processing and request consent for direct marketing
  • Receiving and processing objections from data subjects
  • Handling data subject requests for information, access, correction, restriction.

POPIA Gap Analysis

 

You can split the assessment across a number of colleagues and track their progress in completing the assessment tasks assigned to them. If it is required, they can submit the evidence that substantiates compliance with the conditions for the lawful processing of personal information.

Click here to submit a request to use the online POPIA Gap Analysis tool.