WHAT RISKS DID YOU IDENTIFY?
Look at the list of risks that you’ve created. Are there any high-risk items that you haven’t attended to?
Now is the time to do something about those risks. Put a risk in your diary and commit to fix it by a specific date. When you’re done with the high-risk items, move over to medium-risk items. Consider how you can mitigate these risks; often making a small change can have a huge impact.
Here’s some reading material on risk management.
REMEMBER THAT YOU NEED A
The POPIA says that when you collect PI, you must tell data subjects
- what PI you collect and why
- your name and address
- whether or not the supply of the PI is optional or mandatory
- what will happen if they don’t supply the PI
- of any law that requires you to collect the PI
- whether you intend to transfer the PI to another country and what level of protection is afforded to PI by that country
- who will receive the PI (recipients or categories of recipients)
- that they have the right to access and to rectify their PI
- that they have the right to object to the processing of their PI
Need some inspiration? Check out our favourite privacy notices here, or contact your POPIA Pro for assistance.
And just like that, we’re done!