# PIIA (SA) — Systematic Description of Processing > Draft the systematic description of processing for a POPIA PIIA: step-by-step description of how personal information is collected, used, stored, and deleted. Tags: South Africa, POPIA, PIIA, DPIA, Data protection, Processing ## Example Prompts - Draft the systematic description of processing for our PIIA - Document how we collect, use, store and delete customer data for the impact assessment - Write the step-by-step processing description for our high-risk activity URL: https://rakenne.app/skills/piia-sa-systematic-description-of-processing/index.md Try this skill: https://rakenne.app/a/?skill=piia-sa-systematic-description-of-processing ## Overview Draft the systematic description of processing for a POPIA PIIA: step-by-step description of how personal information is collected, used, stored, and deleted. ## Getting Started Add your source materials to the project workspace, then activate the *PIIA (SA) — Systematic Description of Processing* skill. The agent will guide you through the process step by step. ## Example conversation **You:** We’re doing a PIIA for our new customer onboarding flow. I need the systematic description of processing—how we collect, use, store and delete the data. **Agent:** I’ll draft the systematic description. I’ll structure it by lifecycle stage: collection (what we collect from the applicant, via which forms or systems), use (onboarding, KYC, account provisioning), storage (which systems, retention), any sharing or transfer, and deletion or anonymisation. I’ll pull in the data categories and purposes you’ve shared and make sure each step is clear so the rest of the PIIA can reference it. ## Output excerpt **1. Collection** — Personal information is collected at account application: name, ID number, contact details, and proof of address. Collection is via the online application form (secure portal) and, where required, uploaded documents. Legal basis: contract performance (section 11(1)(b)). **2. Use** — Data is used for identity verification, credit and fraud checks (via third-party service), account creation, and ongoing service delivery. No automated decision-making with legal or similarly significant effect. **3. Storage** — Stored in [CRM/ERP] and [document store], access-controlled by role. Primary storage in South Africa; backups as per group policy. Retention: 5 years after relationship end for regulatory compliance, then deletion. **4. Deletion** — At end of retention period, records are deleted from live and backup systems; where archiving applies, data is anonymised. Process documented in retention schedule. --- Back to [Skill Library](https://rakenne.app/skills/index.md)