Data | Advanced | 3 to 5 hours

POPIA/GDPR Compliance Audit

Audit a fictional company's data practices and write a compliance gap report.

The Scenario

A South African fintech startup has grown rapidly but has never done a formal data privacy audit. They store customer ID numbers, bank account details, and location data. A new enterprise client requires POPIA compliance certification before signing the contract.

The Brief

Conduct a POPIA compliance audit of the fictional company. Identify gaps, classify them by risk level, and write a remediation plan that the CTO can execute in 90 days.

Deliverables

  • A summary of POPIA's 8 conditions for lawful processing and how each applies to this fintech
  • A gap analysis table: at least 5 specific gaps (e.g., "no consent mechanism for location tracking")
  • A risk classification for each gap: Critical (legal exposure), High (reputational), Medium (operational)
  • A 90-day remediation roadmap with specific actions, responsible parties, and milestones

Submission Guidance

POPIA is South African law, not a suggestion. Show that you understand the legal requirements, not just the IT implementation. Reference specific POPIA sections where relevant.

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.
