Processing of personal must be restricted to what is lawful and in a reasonable manner that will not provoke a data subject to object. Personal information must be collected for a specific, explicitly defined and lawful purpose related to a function or activity of the responsible party. Given the purpose, the processing of personal information must be adequate, relevant and not excessive. A valid legal basis is required to process personal information.
The POPIA platform provides a step-by-step, automated process for responsible parties and information officers to assess the processing of personal information. It will reduce the time and effort required to ensure business processes give effect to these conditions for lawful processing of personal information. Process assessments are recorded in a centralised database and the status of compliance recorded. Actions to address non-compliance are planned, assigned, and tracked through to finalisation.