Stay Home. Stay Safe. Stay Informed. Visit


Are you ready for POPI Act compliance?

popiWith the Protection of Personal Information Act (POPIA) in force from 1 July 2020 and the Information Regulator South Africa assuming full enforcement powers from 1 July 2021 now is the time to make sure you are ready for compliance with POPIA.

The handy assessment checklist below gives you a high level view of the state of your readiness. For more information on how to improve your score please contact Dr Peter Tobin, Certified Information Privacy Manager, on 083-922-3444 or email This email address is being protected from spambots. You need JavaScript enabled to view it.. For more information about POPIA and how to prepare for compliance please visit


Top 20 Health-check questions for POPI Act compliance



Have we formally appointed the CEO as Information Officer / Deputy IO to support the CEO/Designated Head including POPI Regulations 2018 duties? (Accountability)



Have we established a formal POPIA project charter with scope, budget, timescale? (Accountability)



Do we have a privacy framework as required in POPI Regulations 2018 for dealing with Personal Information protection issues? (Accountability)



Can we prove we have trained our staff in their duties and responsibilities under the Act and POPI Regulations 2018, and are they putting them into practice? (Accountability)



Can we show the Personal Information gathered is not excessive? (Minimality)



Can we prove that the people whose Personal Information we hold know that we’ve got it, and are they likely to understand what it will be used for? (Consent or Contract)



Do we have a POPIA-compliant privacy notice on our web site? (Notification)



Do we have procedures in place to deal with notification of security compromises? (section 22)



Can we prove we are respecting the rules about Special Personal Information? (Special Personal Information)



Can we prove the Personal Information is accurate and up to date? (Information Quality)



Can we prove we have completed an internal and external risk assessment and impact study as required in the Act and POPI Regulations 2018 and addressed risks identified and have an ongoing risk management plan (Security safeguards)



Can we prove the Personal Information is being held securely, whether it’s on paper or on computer or any other format? (Security safeguards)



Do we have an up-to-date PAIA manual that complies with the Act and POPI Regulations 2018 on our website? Openness)



Can we prove access to Personal Information is limited only to those with a strict need to know? (Security safeguards)



If we are asked to pass on Personal Information, are my staff clear when the Act allows them to do so? (Further processing)



Do we delete/destroy Personal Information as soon as we have no more need for it? (Effective destruction & Retention Periods)



Do we have a process to handle Data Subject requests? (Information Officer)



Can we prove we are complying with the rules about Electronic Direct Marketing? (EDM compliance)



Can we prove we are complying with the rules about Transborder flows? (Transborder compliance)



Do we have a plan to maintain compliance on a continuous basis as part of our Privacy Framework? (Accountability)





This article was submitted by Dr Peter Tobin.

All Posts

Admin Log in

Login to your account

Username *
Password *
Remember Me