Reviewing the risks you identified, and privacy notices.

This week we would like to tie everything together and review your list of risks.

  1. You are responsible for the PI you have, so don’t collect or store more than you need.
  2. Know what PI you have, why you have it, and where you keep it.
  3. Don’t leave papers and files containing PI lying around. Shred it or lock it away.
  4. Secure your devices, use passwords, and don’t do stupid things with email.
  5. Check your IT security regularly, update your software, and back up safely!
  6. If you share PI with operators make sure that you enter into contracts with them to keep the PI safe.
  7. Have a process in place should you have a data breach.
  8. Know what data subject access requests are and how to deal with them.


Look at the list of risks that you’ve created. Are there any high-risk items that you haven’t attended to?

Now is the time to do something about those risks. Put a risk in your diary and commit to fix it by a specific date. When you’re done with the high-risk items, move over to medium-risks items. Consider how you can mitigate these risks; often making a small change can have a huge impact.

Here’s some reading material on risk management.


The POPIA says that when you collect PI, you must tell the data subjects

  • what PI you collect and why
  • your name and address
  • whether or not the supply of the PI is optional or mandatory
  • what will happen if they don’t supply the PI
  • of any law that requires you to collect the PI
  • if you intend to transfer the PI to another country and what level of protection is afforded to the PI by that country
  • who will receive the PI (recipients or categories of recipients).
  • that they have the right to access and to rectify their PI
  • that they have the right to object to the processing of their PI

Need some inspiration? Check out our favourite privacy notices here, or contact your POPIA Pro for assistance.

And just like that, we’re done!

Remember that you have a free one-hour consultation included with this programme!
Use it, and contact us if you have any questions about this week’s topic.