# POPIA Compliance Framework — Manual & PAIA Manual (South Africa) > Draft and validate POPIA (Act 4 of 2013) compliance framework documentation and the mandatory PAIA Manual. Covers the eight conditions for lawful processing, PAIA manual, Information Officer registration, and breach notification. Tags: South Africa, POPIA, PAIA, Privacy, Data protection ## Example Prompts - Draft our POPIA compliance framework and PAIA Manual - Check our POPIA documentation for all eight conditions and PAIA sections - Prepare Information Officer registration and breach notification procedure URL: https://rakenne.app/skills/za-popia-compliance-framework/index.md Try this skill: https://rakenne.app/a/?skill=za-popia-compliance-framework ## Overview Draft and validate POPIA (Act 4 of 2013) compliance framework documentation and the mandatory PAIA Manual. Covers the eight conditions for lawful processing, PAIA manual, Information Officer registration, and breach notification. ## Example Conversation > **You:** We need POPIA compliance documentation and a PAIA Manual for our South African entity. We have an Information Officer and need to cover the eight conditions, breach notification, and cross-border transfers. Can you draft and run the checker? > **Agent:** I’ll draft the POPIA compliance document covering the eight conditions (accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, data subject participation), plus a PAIA Manual with the required sections (s51 for private body), Information Officer registration, breach notification procedure, and cross-border transfer safeguards. Then I’ll run `popia_conditions_checker`. > **Agent:** Created `popia-compliance-framework.md` and `paia-manual.md`. Running `popia_conditions_checker` on the compliance document… > **Agent:** Check **PASS** — all eight POPIA conditions are addressed, PAIA manual sections (s51) are present, Information Officer registration with the Information Regulator is documented, breach notification procedure is in place, and cross-border transfer safeguards are documented. Ready for sign-off. ## What the Tools Validate **`popia_conditions_checker`** scans the compliance documentation (and/or PAIA manual) for: - **Eight POPIA conditions** — Accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation must each be addressed. - **PAIA manual** — Required sections for a private body (Section 51) or public body (Section 14): categories of records, access request procedure, and (for POPIA alignment) subjects and categories of personal information, cross-border transfer information. - **Information Officer registration** — Registration with the Information Regulator (and Deputy IO where applicable) must be documented. - **Breach notification** — Procedure for notifying the Information Regulator and data subjects, with timeline, must be documented. - **Cross-border transfer safeguards** — Adequate protection or other permitted mechanisms must be documented. **Output:** PASS if all are present; otherwise FAIL with a line per missing element. Fix gaps and re-run until the check passes. ## Output Excerpt **POPIA compliance (excerpt):** ```markdown ## Eight conditions for lawful processing 1. **Accountability** — The responsible party [Company] ensures compliance with POPIA and has designated an Information Officer. 2. **Processing limitation** — Personal information is processed lawfully and in a reasonable manner... 7. **Security safeguards** — Appropriate technical and organisational measures are in place... 8. **Data subject participation** — Data subjects may request access, correction, and deletion per the PAIA manual procedure. ## Breach notification - Breaches that pose a risk are reported to the Information Regulator without undue delay. Affected data subjects are notified where required. Procedure and timeline are set out in the incident response plan. ``` **popia_conditions_checker report (excerpt):** ``` === POPIA CONDITIONS CHECK === Result: PASS Document: popia-compliance-framework.md POPIA condition 'Accountability' is addressed. ... PAIA manual required sections (s51 private body / s14 public body) are present. Information Officer registration with the Information Regulator is documented. POPIA compliance documentation meets expectations. ``` ## Getting Started Add your source materials to the project workspace (e.g. record categories or access procedure), then activate the *POPIA Compliance Framework — Manual & PAIA Manual (South Africa)* skill. The agent will guide you through drafting the compliance framework and PAIA manual and running `popia_conditions_checker` until the check passes. --- Back to [Skill Library](https://rakenne.app/skills/index.md)