Considering the just-announced POPIA “go live” date, Ilze Luttig Hattingh of Novation Consulting advises on seven things you can do to kickstart your POPIA compliance project – even during a worldwide pandemic:
1. Assemble a project team
2. Do an information governance (IG) maturity assessment
3. Work out a high-level project plan
4. Work out a budget
5. Do a preliminary investigation
6. Review your current policies
7. Draft your POPIA Compliance Framework
How should you action a preliminary investigation?
Hattingh advises that a good starting point is to set up some time with senior managers and get a sense of where and how your organisation uses personal information. She identifies a few questions you should answer:
● What customer information do you collect?
● How do you collect it?
● Where is it stored?
● What employee information do you have and where do you store it?
● What service providers do you use that have access to your customer or employee information?
● Do you do direct marketing? How?
● Do you sell datasets that contain personal information?
It’s also important to review your current policies and to draft a POPIA Compliance Framework.
The framework should:
● Define the aim and principles of your POPIA compliance programme.
● Identify the roles and responsibilities within the programme.
● Include a policy development and alignment plan.
● Set out a policy implementation plan.
● Describe your approach to risk assessments.
● Describe your approach to compliance monitoring.
Don’t be lulled into a false sense of complacency, thinking you still have a year to get your ducks in a row. Now may be the best time, while we wait for the pandemic to pass.