The Protection of Personal Information Act (or POPIA or POPI Act) in South Africa sets conditions for how you can lawfully process personal information. It has been signed by the President and is law. The Information Regulator has published the regulations for comment. You will only have one year from the commencement date to comply or face significant consequences. There is also a business case for the POPI Act. There have been many false starts, but now is the time to act. One option is to attend a POPI workshop.
If your organisation processes personal information, complying with the POPI Act is your problem. Those in the Financial Services, Healthcare and Marketing sectors, in particular, will be affected by the POPI Act. The objective of the POPI Act is to protect people from harm and their right to privacy. The POPI Act is a difficult law to understand and apply to your specific circumstances because it deals with intangible concepts.
If your organisation has to comply with the POPIA, you will be considering what action you can take to get more informed. POPIA forms part of a set of laws, codes and regulations that fall into the broad category of Data Protection. We’ve learnt that is valuable to take a broader view of data protection rather than looking at the POPIA in isolation. We recommend that you start by attending our public data protection workshop. In our data protection workshop about 90% of what we cover relates to the POPIA and the remaining 10% is likely to be relevant to you too.
However if you are certain that you should specifically only be looking at POPIA we can present a private in house workshop. We offer in-person executive briefings or full day workshops on the POPI Act presented by an expert with practical experience. We give examples throughout.
The information below sets out what would be covered in a private POPIA workshop.
- Get a good understanding of the version of the POPI Act that has been signed into law.
- Reduce the penalties for non-compliance, including fines up to R10 million or prison.
- Understand how to manage the personal information you process to comply with the law, address your customer’s demands, and protect your organisation.
- Work out who in your organisation is responsible.
- Know the impact of the POPI Act on your organisation.
- Plan what you need to do for POPI in a practical way. There are many things you could do to comply with POPI, the key is to work out what you should do given limited resources and time. Now is the time to plan what you will do, when, and who will do it. Good planning, results in effective and meaningful actions that adds business value to the organisation.
- Implement some quick wins.
- Fast-track your efforts and focus on the right things.
- Reduce your overall cost of compliance.
- Minimise your risks.
- Find a practical method that suits you.
- Know where to start with your POPI project and make it a success.
- Get an overview of this complex law and know what practical action to take.
- Get up-to-speed quickly. Understand the effect of the POPI Act on your organisation.
- Get expert practical legal advice and guidance, but use your resources.
- Save time and fast track your compliance efforts whilst still applying good management principles.
- Identify your main areas of concern.
- Get a bird’s eye view and a detailed analysis of the specific practical issues that concern you.
- Find out how to comply and implement the POPI Act in your organisation.
- Find solutions to fill gaps. Plan what you need to do, and when.
If you are certain that you should specifically only be looking at the POPIA we can present a private in-house workshop. This can take the form an in-person executive briefing, or full day workshop on POPIA presented by an expert with practical experience. We aim to give practical insights that you can use to be effective. We do not give law lectures! We will refund you if you do not think you received value. Our tailored private workshops are for an unlimited number of delegates, provided your training venue can accommodate this. Please enquire by emailing [email protected] and we will provide you with a quote.
The workshop is broken down into nine sessions. Please email us and ask for the POPI Act Workshop programme if you would like details.
- Laying the Foundation
- Overview of the POPI Act
- The Practical Impact of the POPI Act
- Why Privacy Matters – the Top Risks
- IT GRC
- Implementing Effective and Successful POPI Act Projects
- Open floor
- Take Home Points and Action Items
When it comes to implementing the data protection laws and regulations (including POPI and GDPR) – people and organisations often struggle with identifying where to start. What we’ve realised is that:
- some organisations want to comply themselves (for example, by attending one of our workshops described on this page),
- others want to comply with our guidance by joining the Michalsons Data Protection Compliance Programme, and
- others want us to do what needs to be done to comply for them by asking us to quote on specific action items.
We want to you to get value out of the investments (both time and money) you make in training. So we’ve designed a questionnaire that will help us to help you identify the course of action best suited to your organisation. We take into account the potential impact of these laws on your organisation, while factoring in your budget and the resources available to you. So,
before booking data protection training:
please complete our Data Protection high-level Impact Assessment questionnaire. It will take you about 4 minutes and there is no charge to you, and we’ll get back to you with suggestions of a way forward, so that you can make an informed choice.
We will provide attendees with:
- a copy of our comprehensive presentation covering the POPI Act,
- a POPI word cloud,
- our POPI Mapper – a tool to map activities,
- a spreadsheet you can use to record the mapping of your activities,
- a list of POPI Act Actions so that the session translates into practical action, and
- an audio recording of the event (private sessions only).
- Suffer reputational damage
- Lose customers and fail to attract new ones
- Pay out millions in damages to a civil class action
- Be fined up to R10 million or face up to 10 years in jail
Your main motivation for complying with the POPI Act should be to protect people from harm.
This is serious, you need to take action now. You can also get business value out of complying with the POPI Act – there is a strong business case.
Anyone tasked (or involved) with complying with POPI. These workshops are for managers, leaders or decision makers who plan and implement controls to protect personal data. We always encourage people to add their value at any stage.
- Legal advisors (corporate lawyers or in-house lawyers) – to provide good legal advice on privacy issues.
- CIOs and IT Managers – to manage ICT.
- IT Operators – to ensure that ICT operates within the bounds of POPI
- IT Security officers – to secure ICT and personal information.
- IT Governance officers and specialists – to govern ICT.
- Information officers – to balance access to and protection of information. To stay out of jail.
- Marketing Managers – to market in accordance with the law.
- Compliance officers – to effectively comply with privacy laws.
- Auditors and assurance providers (internal and external) – to audit and provide assurance regards privacy
- Risk Officers and Managers – to manage privacy risks.
- HR and Payroll Managers – to ensure that the personal information of employees is protected.
- Credit Managers – to ensure that personal information of creditors and debtors is protected.
- Pension Fund Trustees – to ensure that the personal information of beneficiaries is protected.Directors (executive and non-executive, CEOs and FDs) – to discharge their legal duties and direct the course of the organisation, especially direct
Any organisation that processes a lot of personal information. This could be an organisation in the public (like the Department of Home Affairs) or private sector (like a bank or a medial aid). The industries that are most affected are Financial Services, Healthcare and Marketing. Banks, retailers, credit providers, insurance companies, medical aid companies, hospitals, direct marketers, business process outsources and telcos are some of the organisations on which POPI is high impact. The essence of some businesses is the processing of personal information – the impact on them is hu
- We have significant practical experience dealing with these specific areas.
- Our sessions are interactive – you are able to ask questions, have your specific issues dealt with, and influence what gets discussed.
- Our sessions are tailored to the attendees – we ask you questions in advance so that we know what your issues are and your existing level of knowledge.
- You are able to network with other people at the event.
- We do not give sales pitches, which is unfortunately so often what speakers do at conferences.
- We provide insight and simplify the issues, which can only be done after practically applying POPI to real business issues.
- We empower you and do not try to entrench ourselves in your organisation.
- The topic gets covered more comprehensively when one person leads the discussion for a day, rather than many different people covering the same ground. It is not different people covering the same issues superficially in different ways.
- We cover the same ground in one day, rather than two. This saves you time and money. We tell you what you need to know, not everything.
John Giles is a trusted independent professional legal adviser, who is a practising attorney. He is currently helping many people understand the practical impact of POPI on their organisations. He helps them to comply with POPI and implement effective privacy projects. He has also presented over 70 times on the topic to thousands of people. John is an information, communications and technology (ICT) lawyer. He has 17 years of practical experience applying his knowledge to organisations to help them grow and avoid legal problems, difficulties, and disputes.
We provide this course in different formats. Public and private sessions can last for anything from 45 minutes, half a day or a full day. We also provide eCourses that can be done via the Internet at your convenience. We welcome enquires for more information and details.
Our public events are at various venues around the world. We choose venues that are central and easy to get to, that have adequate parking, good food, and that ensure you are comfortable. We are also happy to give the POPIA workshop or executive briefing at your venue.
Feedback from the delegates about the POPI workshop
I like the practical approach to the problem of compliance. In fact this is the first course that I have attended which actually shared a practical approach.
This is the first time that I have attended a regulatory training course that had truly practical elements to it. It was very beneficial and I feel I took away a lot of valuable ”action items”
Having been to many presentations I have to congratulate the presenters for the focus of the material and for holding the interest of the audience at all times. As one that had not been exposed to the POPI Act very much this encapsulated the bill and was presented in an understandable way. I was impressed that something this difficult was made clearer for me.
The workshop offered a practical, holistic approach on the subject of POPI compared to other workshops which are mostly just approaching the topic from a marketing perspective.
Presents digested information, saving me hours and enabling execution
I thought the seminar was very interesting and the information was presented very well by John Giles
Watch this short video about the POPI Act workshop
In this 2 minute video John Giles (the managing attorney at Michalsons) talks about the Michalsons POPI workshop and explains what they entail.