POPI compliance certificate


Certification of POPIA Compliance

What can be evaluated?

  • The development and implementation of a POPIA compliance framework (regulation 4(a))
  • Specific business processes, services or products (section 8)
  • Selected personal information impact assessments (regulation 4(b))
  • Enablement of data subject rights (section 5).


Example of how a target of evaluation is described, taken from a processing register: each processing activity is placed in its role and then described at four levels, from the organisation down to the IT infrastructure that carries it.

Processing activity (as per the register) | Role | Level 1: Organisation | Level 2: Circumstances / purpose | Level 3: Functional application | Level 4: IT infrastructure
Recruitment | Responsible party | Financial institution | HR department | SAP-HR | Windows server farm, Oracle DB
Newsletter | Responsible party | Financial institution | Marketing | CRM | Cloud solution (SaaS)
AML/KYC | Responsible party | Financial institution | Compliance | World-Check | Unix servers, Oracle DB


What is achieved?

Assurance that:

  • the constitutional right to privacy of data subjects is being respected and fulfilled
  • the conditions for the lawful processing of personal information are complied with
  • appropriate technical and organisational measures have been implemented
  • adequate safeguards are in place to protect data subject rights.


POPIA Compliance Framework Development and Implementation

Assessment criteria focus on:

  • completeness of the framework
  • safeguards in place to protect personal information
  • capability to protect privacy rights
  • readiness to respond to non-compliance
  • breach notification capability.


Compliance with the conditions for the lawful processing of Personal Information

Assessment criteria focus on:

  • the legitimacy of the processing of personal information
  • the conditions for the lawful processing of personal information
  • the data subjects’ rights
  • the personal information impact assessments, pursuant to regulation 4(b)
  • the safeguards put in place to protect personal information
  • the obligation to notify data subjects of breaches.


POPIA Personal Information Impact Assessments

Assessment criteria focus on:

  • the target of evaluation
  • documentation of the processing operations
  • risk assessment
  • countermeasures
  • implementation of effective safeguards.