PIIA (SA) — Risk Assessment
Overview
Draft the risk assessment for a POPIA PIIA: analyse risks to data subjects’ rights and freedoms, including harm, discrimination, and financial loss.
Getting Started
Add your source materials to the project workspace, then activate the PIIA (SA) — Risk Assessment skill. The agent will guide you through the process step by step.
Example conversation
You: I need the risk assessment for our PIIA—risks to data subjects with likelihood and severity.
Agent: I’ll draft the risk assessment. I’ll list the main risks to data subjects’ rights and freedoms (e.g. breach leading to identity misuse, discrimination from profiling, financial loss from wrong payment data), rate likelihood and severity for each, and summarise in a risk register so we can map mitigations and residual risk for sign-off.
Output excerpt
| ID | Risk description | Data subjects | Likelihood | Severity | Inherent risk |
|---|---|---|---|---|---|
| R1 | Unauthorised access to payroll/ID data | Employees | Medium | High | High |
| R2 | Incorrect or outdated data affecting pay | Employees | Low | High | Medium |
| R3 | Data shared with processor without safeguards | Employees | Low | Medium | Medium |
R1 — Unauthorised access: Personal data (including ID numbers and bank details) could be exposed by breach or misuse, leading to identity theft or financial fraud. Mitigation: access controls, encryption, audit logging (see Mitigation Measures).