Free · Email-gated · 7-day plan
POPIA Compliance Audit Checklist
A structured 7-day DIY POPIA self-audit. Designed for SA businesses up to ~50 employees who want a clear-eyed view of their POPIA exposure before engaging external counsel.
Written by
Martin Kotze
Attorney, Conveyancer & Notary Public
Email me the checklist
Enter your email and we’ll send the editable Word document (.docx) straight to your inbox. Link valid for 7 days.
The 7-day plan
Data mapping — identify what personal information you process, where, why
Information Officer registration check with the Information Regulator
Privacy notice review — does it satisfy section 18 disclosure requirements?
Operator agreements audit — section 21 written contracts with all processors?
Security measures review — section 19 technical and organisational measures
Cross-border transfer assessment — section 72 lawful basis documented?
Incident response plan dry-run — can you notify the Regulator in 72 hours?
Why you can trust this: Martin Kotze has been an admitted Attorney of the High Court of South Africa, registered Conveyancer, and Notary Public since 2014, practising from Pretoria. The firm is regulated by the Legal Practice Council under firm registration 17444.
This guide is general information, not legal advice for your specific matter.