Data Privacy & Compliance Review

Check how you handle personal data against GDPR / POPIA expectations.

You walk away with

A gap list against privacy principles with proportionate fixes.

Decidi convenes
Recommended level: Deep
The newest, most capable models — for when being wrong is expensive.
What the council debates
Review how we handle personal data and flag the privacy and compliance gaps.

WHAT WE DO WITH DATA:
[what personal data you collect, how, why, where it is stored, who you share it with, how long you keep it]
JURISDICTIONS / FRAMEWORKS: [e.g. GDPR, POPIA, sector rules that apply]
THE FEATURE OR CHANGE TRIGGERING THIS: [if any]

Debate:
1. Lawful basis and consent — do we have a clear, valid reason for each use.
2. Data minimisation — are we collecting more than we need "just in case".
3. Retention and deletion — do we keep data too long; can we honour deletion requests.
4. Sharing and cross-border transfer — third parties and the risks.
5. The individual's rights — access, correction, deletion, portability.
6. Proportionate controls versus box-ticking.

FINAL SYNTHESIS:
- A gap list against the core privacy principles, severity-ranked.
- The lowest-friction fix for each significant gap.
- A clear note that this is general guidance, not legal advice, and a qualified privacy professional should validate.