POPIA Compliance & Documentation

POPI Compliance Report

Compliance Process Report

Details the compliance process and engagement as well as the risk assessment and information audit used to establish the data protection compliance level. The Company Privacy Policies are detailed as part of the engagement process. Further recommendations have been offered as a means of continued POPI compliance.

POPI Manual

Company Protection of Personal Information Manual

This contains the broad Privacy Statement and commitment to personal information protection. Not intended as a publicly accessible document but serves as a means of compliance assurance in terms of the Act. The document forms the basis of the (hard-copy) POPI Manual and the contents thereof are deemed to be understood by the relevant staff (Those dealing with Personal Information daily - Only Admin Staff).

Privacy Notice

Company Public Privacy Notice

Serves as the main Privacy Notice for the Company. The notice must be publicly accessible and we will be publishing this on the Company website as is the norm. When requests from the general public are made, this document will serve these information requirements. As a document, it also forms part of the POPI Manual as a matter of course.

Customer Consent Form

Consent to Process Personal Information

As a Repsonsible Party we need consent from all Data Subjects to process personal information. Customers are one category of Data Subjects that are dealt with as a whole. The consent should be included in the Dealer Account Application Form.

Supplier Consent Form

Consent to Process Personal Information

Suppliers are an additional category of Data Subjects that are dealt with as a whole. Consent will need to be gained as part of the process of account creation, as well as for existing suppliers.

Information Request Form

Access To Records held by Company

POPI offers Data Subjects the right to access their personal information. As a Responsible Party, the Company carries the burden of ensuring information accuracy. The request form serves to initiate this process in a systematic and compliant manner.


Information Categories

Information Types

Important for the various accountability aspects of the Company policy. Will be incorporated with the POPI Manual before finalisation.

Training Material

Policy Induction

Training is only required for those that actually handle personal information. While everyone should be aware of policies, only Administrative staff will need to be offered training.

Staff and employees are viewed as Data Subjects and the appropriate compliance should ensue. This class of Data Subject will also require consent to process personal information.

Retention of Records Guide

Reference Guide