The Scenario
"PayGuard", a Johannesburg-based digital insurance broker, collects user names, IDs, banking details, and location data. They store this in Firebase, send emails via Mailchimp, and use WhatsApp for support. They have never mapped their data flows or registered an Information Officer.
The Brief
Conduct a data mapping audit. Map how personal information enters the system, where it is stored, who has access, and identify 3 critical security risks under POPIA.
Deliverables
- A data inventory table detailing data types, collection points, storage locations, and third-party tools used
- A description of a visual data flow map showing the transfer paths of Personally Identifiable Information (PII)
- Identification of 3 POPIA compliance gaps (e.g. cross-border transfers, lack of consent checkboxes), each with concrete remediation steps
- A list of duties and registration requirements for the company's designated Information Officer
Submission Guidance
Address cross-border data transfer regulations (POPIA Section 72) since Mailchimp and Firebase host data outside South Africa.