Do you need someone to help you with POPI compliance? We can help you to:

  • take practical effective action to protect personal information at the lowest cost, and
  • get business value out of those efforts.

We do this by following the Michalsons Four-Step Compliance Process. Our process is insightful, entrepreneurial, and will reduce your overall costs. We have a “faster to market” practical approach. We have developed an approach to compliance projects that is both rigorous and pragmatic. It is simpler and quicker than most others. We help you to achieve the most, at the least cost. The benefits of using Michalsons include:

  • Get expert practical legal advice, support, guidance, tools and templates
  • Fast track your efforts
  • Reduce your overall cost of compliance by using your resources as much as possible

POPI Compliance Process

If you are interested in us helping you through the process, complete the form on the right or contact us. Below is a description of the outcomes you want to achieve for each step in the process. You can also read more about how you achieve those outcomes. We can give you a fixed price quote for any step in the process.

Awareness of POPI (Step 1)

Awareness of the new regulatory requirements is the first step. We help you to:

  1. Know what POPI compliance is and how to do it practically and effectively, what the law might require your organisation to do, and what the timeline is.
  2. Know what you need to comply with by determining the overlap with this and other laws (like NCA, CPA, PAIA, and record retention laws). This will help you to find the overlap between your various compliance projects (like TCF or PCI) and work out if you can kill many birds with one stone.
  3. Assess the impact of POPI on your organisation by doing a Privacy Impact Assessment.
  4. Understand your risk profile by doing a POPI risk assessment.
  5. Establish the business case, motivation or strategy for further action.

We usually raise awareness by doing a public or private POPI Act Awareness Workshop or an Executive Briefing.

Plan (Step 2)

Planning is vitally important. You need to know who is going to do what, when. And what you are not going to do. We will help you Plan. Planning includes to:

  1. Identify the role players, like project sponsor and manager, and current information officer.
  2. Map your activities to establish the facts about your organisation that are relevant to POPI, identify the sections of POPI that are relevant to your activities, record how you are processing lawfully, determine the gaps where you are not processing lawfully, and identify implementation action items. Our POPI Mapper and POPI Activities Map template are key tools for doing this. 
  3. Check whether your sharing of personal information with others (excluding operators) is lawful to find the gaps where you are not processing lawfully and identify implementation action items. Our POPI Sharing Map template is a key tool for doing this.
  4. Ensure there is a common interpretation of POPI in your organisation.
  5. Identify your  Compliance Action Items, including identifying some quick wins. Given limited resources and time, you need to follow a risk-based approach first to decide what you need to do and in what order. For each action item, you must determine how important it is, who is responsible for it, the resource that will actually do it, what it will cost, and what the deadline is. We have great tools to help you do this fast. Where possible, we will help you find the right external resource to help you implement. Our Compliance Action Items template is a key tool for doing this.
  6. Identify your roadmap. Our Project Status Report template is a key tools for doing this.

Planning involves doing various things, like discovering, researching, asking questions, drafting, analysing or workshopping. Planning often involves a private POPI Planning Workshop for a group of people from all functions or for a specific function. The workshop is based on the material of our POPI Act Awareness workshop, but we spend much more time on mapping activities and planning action items.

Implement (Step 3)

Actually implementing POPI is the most important step. The identified resource must take practical effective action to protect personal information. People within your organisation will have to do many of the action items. We can help you do some (not all) of the actions and other external resources will also help you do some. Doing includes to:

  1. Implement the quick wins.
  2. Do the other implementation action items in accordance with your roadmap.

If you are interested, we can tell you which action items we can assist with. We can also support you during the implementation phase, especially with the implementation of action items by other external resources. We can:

  • attend project meetings to provide practical guidance and insight,
  • answer questions that come out of meetings,
  • provide updates on significant developments.

Review (Step 4)

Review (or audit) that the relevant resource has correctly implemented the action items, including to:

  1. check they have been done correctly, and
  2. set up structures and processes to ensure ongoing sustainable compliance.

Why we will Deliver

  • We have a team of practical privacy and data protection lawyers.
  • We have deep knowledge and expertise helping organisations comply with POPI. We are independent professional legal advisors with expertise on how to implement POPI. Our advice is privileged and the regulator cannot seize it.
  • We are currently working with many organisations, from dual listed multinationals to start-ups. In various industries, including financial services, marketing, FMCG, oil, healthcare, retail, and mining.
  • We have successfully done many large projects on POPI, IT GRC, information security, and records management. We have also done many IT Legal Audits on many organisations.

Our Role

Our role is similar to that of an architect when you build a house. We:

  1. make you aware of the practical implications,
  2. help you plan what needs to be done,
  3. do some of the work ourselves and check that others are doing their work, and
  4. review that everything has been done correctly.

Our Experience

  • We are currently helping many organisations comply, by following our compliance process.
  • We have advised a large variety of businesses, both domestic and international.
  • We have presented to well over 3,000 people on about 60 different occasions.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.