Our KPMG Privacy methodology proposes a phased approach to privacy compliance that is both flexible and dynamic to ensure that we continuously provide commercially sensible, value-adding insights to our clients’ business environment.
We are of the opinion that a phased, rational approach, where each phase builds on findings from the previous phase, is the only way to perform a successful POPI engagement.
The methodology is divided into three phases:
- Phase A: Through this phase we will determine your current level of maturity in respect of privacy optimisation, and particularly POPI compliance, through the performance of a POPI gap analysis. During this analysis we will assess your organisation’s “AS-IS” maturity against the information protection conditions contained in the POPI Act. The results of this analysis will enable us to pinpoint your POPI compliance gaps and areas for improvement. Thereafter, considering the observations obtained during the gap analysis, we will develop a prioritised, organisation-specific POPI remediation roadmap which will enable you to achieve compliance with the POPI Act. Whilst organisations differ, we envisage that POPI will impact the following areas of your organisation (where applicable).
- Phase B: The purpose of this phase is to use the foundation established during Phase A to build the privacy optimisation vision of the entity. Through this phase the entity will be assisted in the practical implementation of privacy enhancing controls that will enable them to achieve an adequate level of compliance with the POPI Act.
- Phase C: During this phase we will assist organisations to ensure their continued compliance with the POPI Act by implementing controls to ensure that privacy optimisation controls are operating effectively.