PIIA (SA) — Systematic Description of Processing

Overview

Draft the systematic description of processing for a POPIA PIIA: step-by-step description of how personal information is collected, used, stored, and deleted.

Getting Started

Add your source materials to the project workspace, then activate the PIIA (SA) — Systematic Description of Processing skill. The agent will guide you through the process step by step.

Example conversation

You: We’re doing a PIIA for our new customer onboarding flow. I need the systematic description of processing—how we collect, use, store and delete the data.

Agent: I’ll draft the systematic description. I’ll structure it by lifecycle stage: collection (what we collect from the applicant, via which forms or systems), use (onboarding, KYC, account provisioning), storage (which systems, retention), any sharing or transfer, and deletion or anonymisation. I’ll pull in the data categories and purposes you’ve shared and make sure each step is clear so the rest of the PIIA can reference it.

Output excerpt

1. Collection — Personal information is collected at account application: name, ID number, contact details, and proof of address. Collection is via the online application form (secure portal) and, where required, uploaded documents. Legal basis: contract performance (section 11(1)(b)).

2. Use — Data is used for identity verification, credit and fraud checks (via third-party service), account creation, and ongoing service delivery. No automated decision-making with legal or similarly significant effect.

3. Storage — Stored in [CRM/ERP] and [document store], access-controlled by role. Primary storage in South Africa; backups as per group policy. Retention: 5 years after relationship end for regulatory compliance, then deletion.

4. Deletion — At end of retention period, records are deleted from live and backup systems; where archiving applies, data is anonymised. Process documented in retention schedule.