POPI Implementation Approach

POPI Gap Analysis

There are three ways to tackle your Gap Analysis. It is up to you whether to use us for one, two or all three these:

1. Complete the POPI self-assessment.

You complete it in about half an hour, in your own time, from your own device.  You will find that by doing the questions, you already get an idea of your gap.

We will send you your compliance score based on your self-assessment, which will help you make decisions on your next steps.

2. Facilitated Analysis session.

Our experienced facilitators will facilitate a session with your management and/or project team, and help you define your high-level gap. Depending on the size and complexity of your organisation, this session could be anything from a half day to three days, and will go a long way towards defining your project scope. The output from this session is a high-level gap assessment.

3. Outsourced Gap Analysis.

Allow our Privacy expert analysts to fast-track your Gap Analysis using our pre-defined toolkits. The Analysts will work closely with your nominated business champions to ensure a detailed Gap Assessment, which can be used to plan the remainder of your implementation

POPI Scoping and Planning:

This can be done before or after the Gap Assessment, depending on your needs.  If done after a detailed Gap Assessment, our programme managers will apply their practical, in-market experience to scope and plan out your POPI implementation with you.

A detailed scope document and project plan will be created in co-operation with your business champions.  The implementation plan will be built using our toolkits and templates, and adopt your project methodology, or if needed, we could advise on what would work best for your environment.

Depending on your circumstances, you could opt to use the scope and project plan we provide to kick off your POPI compliance implementation, or you could opt to make use of our implementation team to drive, monitor or supplement your existing team.

POPI Implementation:

Once the foundation has be laid, and we have a firm understanding of the scope and stakeholders, the business of complying with the POPI Act can commence.  Our team has deep and detailed, current experience with POPI implementation.  Our skill-sets cover Privacy experts, Legal , Risk and  Compliance Officers, Business Analysts, Architects, Project Managers, Change Managers and Programme Managers. See below for a listing of the services we offer related to the implementation of POPI.

Project Management.

Our project managers are well-seasoned in POPI implementation.  They come with not only practical experience, but toolkits and templates which smooths implementation timelines and headaches.

Policies & Standards.

Over the last couple of years, our team has gained a solid understanding of the policies and standards which need to be updated or created as part of the POPI compliance implementation. Our toolkits have been expanded to include templates which could be adapted.

Third Parties.

We have the necessary skills to guide you through, or perform a third party assessment on your behalf, assessing your risk exposure, your contracts, agreements and clauses, and ensuring that all have the essential POPI clauses included

Incident Management.

Your Incident Management process is one of the most important parts of your POPI compliance implementation.  It is essential to have a robust and effective process, which is embedded throughout the organisation.  Every staff member must understand the process, and the part he or she plays therein.  Our process engineers can assist with the creation of a custom-built process for your organisation.

Appointment of Information Officer.

 We have assisted various organisations to clarify the roles and responsibilities of the Information Officer and Deputy Information Officer.  Our Program Managers will assist you to appoint the right person to the role, and coach them through the first couple of incidents (prior to go-live)